Slashdot Mirror


Duqu Installer Exploits Windows Kernel Zero Day

Trailrunner7 writes with an excerpt from Threatpost: "A newly discovered installer for the Duqu malware includes an exploit for a previously unknown vulnerability in the Windows kernel that allows remote code execution. Microsoft is working on a fix for the kernel vulnerability right now. The exact location and nature of the flaw aren't clear right now. The installer uses a Word document to exploit the vulnerability and then install the Duqu binaries."

4 of 164 comments

  1. First post by GameboyRMH · Score: 3, Funny

    Says it can spread over SMB shares too, but I don't think anyone in my company is dumb enough to ^H^H^H^ NO CARRIER

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  2. Reverse the exploited hole by tepples · Score: 1, Funny

    But how do you reverse such a hole? Like this.

  3. Re:Word document for a remote exploit? by ArhcAngel · Score: 4, Funny

    How long until this is used to create a script to jailbreak Windows so we can install what we want on it?

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  4. Re:HOW the HELL by Anonymous Coward · Score: 2, Funny

    do you have a kernel security bug in a word processor?

    It's called "innovation". Microsoft has it, other companies and groups don't. While Microsoft has been busily advancing the security flaw sciences over the life of the company, the Linux and *BSD teams still consider it a major breakthrough worth front-page news whenever they develop a rare, very-special-case privilege escalation bug under certain kernel options (and only if you made stupid decisions in your other programs). And while Apple is still struggling to come up with ways to relinquish root on their systems to catch up with the state-of-the-art from ten years ago, Microsoft is blazing forward, creating new and innovative violations such as drive-by downloads in IE, invisible trojans from downloads, and now even their lowly word processor can cause a complete rooting at the kernel level.

    Microsoft. They still lead innovation.