Windows Zero Day / Duqu Exploit

November 7, 2011 · Author: Apolonio Garcia · Filed Under Redefining IT Security Blog

Last week, a very significant, previously unidentified Microsoft Windows flaw was announced. The flaw allows remote attackers to execute arbitrary code via crafted font data in Word documents, and it is being actively exploited in the wild by the Duqu worm/trojan.

Considerations

  • Research the vulnerability and known exploits/threats (see links below for a good start).
  • Triage the vulnerability (see Vulnerability Triage Process below if you don’t already have a method) to determine the appropriate threat mitigation strategy.
  • Communicate the potential risk and plan of attack to management (solicit feedback/approval).
  • Test the workaround/mitigation strategy before deployment.
  • Adjust the strategy (if necessary) and execute the plan.

Vulnerability Research

Microsoft Technet

PCWorld

Exploit/Threat Research

Symantec Research

Wikipedia: Duqu

Vulnerability Triage Process

Cisco’s Vulnerability Risk Triage Model

 
