Temporary remedy against Dugu
By Gina on November 4, 2011 | Vulnerabilities, Dugu malware, Dugu virus, Dugu scam, Windows vulnerability, Windows flaw, Stuxnet worm, Dugu worm, Microsoft security advisory, Trojan infection
Microsoft released temporary patch for a critical Windows vulnerability. Dugu infection has already made manufacturers of industrial systems suffer because of serious malware.
On Tuesday, Microsoft dropped advisory which claims that unknown flaw in the Win32k TrueType font-parsing engine made changes of every supported version of Windows. Recently this vulnerability was used to spread Dugu malware which is considered to be derived from last year’s dangerous Stuxnet worm which targeted Iran’s uranium enrichment program.
At the Microsoft’s advisory: “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.“
As a temporary way out of this situation may be Fix it which is designed to protect against exploits until a fixed patch is released. However, Microsoft doesn‘t comment when it will happen until next regular Patch Tuesday. What is more, Microsoft said they have been already shared details with security partners.
A spokesman in Microsoft's Response Communications and Trustworthy Computing groups, Jerry Bryant commented: „This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore, we encourage customers to ensure their antivirus software is up-to-date.“
More Vulnerabilities news
Shocking: 9 out of 10 websites still vulnerable to old attacks
Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.- Mozilla's decision: Firefox is blocked from running unpatched Java plugins
- Facebook still is a wonderland for cybercriminals
- Microsoft talks about dangerous flaw in a Windows
- 17 high-risk flaws are fixed in Chrome; Google pays $47,500 in bug bounties
- Google bypassed Safari's No Tracking settings
- Research reveals – 4/5 of security threats come from third-party software
- Google Wallet hack revealed
- Denial-of-service flaw is fixed by Oracle
- Firefox 9.0 and four critical flaws fixed
- Major flaw of Adobe Reader and Acrobat 9.x is patched
