Microsoft Windows is still in the works to fix a vulnerability linked with the Duqu virus found earlier this month.
“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. When the file is opened, malicious code executes and installs the main Duqu binaries,” said a post on Symantec’s security blog.
“The Word document was crafted in such a way as to definitively target the intended receiving organization,” it added.
The well-targeted attacks has no workarounds as of yet, with Symantec saying, “Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilizing alternative software.”
“Once Duqu is able to get a foothold in an organization through the zero-day exploit, the attackers can command it to spread to other computers.”
To this point, infections have appeared in several countries, including Austria, Hungary, and the United Kingdom.
Microsoft’s security response team tweeted, “We are working to address a vulnerability believed to be connected to the Duqu malware.”