Kaspersky Lab Protects Against Duqu-originated Zero-day Vulnerability in Windows

Published Nov 13, 2011
Kaspersky Lab, a leading developer of secure content and threat management solutions, announces that its security solutions are now detecting the vulnerability that was used for distributing all known versions of the infamous Duqu Trojan. Kaspersky Lab’s experts have successfully implemented protection against Trojan.Win32.Duqu.a as well as other malicious programs exploiting the CVE-2011-3402 vulnerability.

The zero-day vulnerability in question was found in the Win32k TrueType font-parsing engine; as such, it affects various office programs. For example, a specially crafted Microsoft Word document opened on a victim’s machine can be used to elevate privileges and then run arbitrary code.

More information about the vulnerability can be found on Microsoft’s website. Kaspersky Lab would like to thank Microsoft for providing it with certain technical details regarding the vulnerability, which helped speed up the process of detection. All Kaspersky Lab security solutions detect this vulnerability under the name Exploit.Win32.CVE-2011-3402.a as of November 6, 2011.

Meanwhile, new information has emerged about Duqu, the recently discovered Trojan that has close ties to the Stuxnet “industrial” malware. Kaspersky Lab confirms that some of Duqu’s targets were hit as early as April 2011, utilizing the abovementioned CVE-2011-3402 vulnerability. In that same month, Iranian officials reported a cyber-attack carried out by malware called Stars. According to some reports, Stars could be an early version of Duqu. If these reports are true, this could mean that the main purpose of Duqu is conducting industrial espionage on Iran’s nuclear program.

In the meantime, Microsoft has issued a temporary patch for the newly discovered vulnerability, with a permanent security fix to be distributed later. Kaspersky Lab’s products are now able to block all malicious programs using this type of vulnerability, preventing other cybercriminals from exploiting the serious zero-day security hole.




Posted by VMD - [Virtual Marketing Department]

