The vulnerability affects the Win32k TrueType font parsing engine and allows hackers to run arbitrary code in kernel mode

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft has shipped an advisory to formally confirm the zero-day vulnerability used in the Duqu malware attack and is offering a temporary “fix-it” workaround to help Windows users block future attacks.

The vulnerability affects the Win32k TrueType font parsing engine and allows hackers to run arbitrary code in kernel mode, Microsoft said in its security advisory.

The company also confirmed my earlier report that this vulnerability will NOT be patched as part of this month’s Patch Tuesday bulletins.

The advisory includes a pre-patch workaround that can be applied to any Windows system.

To make it easy for customers to install, Microsoft released a fix-it that will allow one-click installation of the workaround and an easy way for enterprises to deploy. The one-click workaround can be found at the bottom of this KB article.

Microsoft explained that the Duqu malware exploit targets a problem in one of the T2EMBED.DLL, which called by the TrueType font parsing engine in certain circumstances.  The workaround effectively denies access to T2EMBED.DLL, causing the exploit to fail.