Duqu Installer Contained Microsoft Word Zero-Day Exploit
Earlier this week Symantec released an update on Duqu. Apparently an installer was found for Duqu (dubbed Stuxnet II) that used a Microsoft Zero-day:
“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. We contacted Microsoft regarding the vulnerability and they’re working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries.”
So far Duqu infections have been confirmed in six organizations in eight countries. The locations include France, India, Iran and Sudan.
In a short release on Tuesday, Microsoft stated that they know of the threat and are working on getting it patched, “We are working diligently to address this issue and will release a security update for customers.”