Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities.
The security advisory provides a workaround that can be applied to any Windows system. To make it easy for customers to install, we have released a Fix it that will allow one-click installation of the workaround and an easy way for enterprises to deploy.
To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products. This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their antivirus software is up-to-date.
Additionally, our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release.
Finally, given our ability to detect exploit attempts for this issue, we are able to closely monitor the threat landscape and will notify customers if we see any indication of increased risk. As previously stated, the risk for customers remains low. However, that is subject to change so we encourage customers to either apply the workaround or ensure their anti-malware vendor has added new signatures based on the information we’ve provided them to ensure protections are in place for this issue.
Group Manager, Response Communications
Trustworthy Computing Group