Microsoft outs temporary fix for Duqu Word exploit

Microsoft has released a temporary 'fix' for a vulnerability in its Word software that has led to users being infected by the Duqu Trojan.

The software giant has confirmed that the security exploit was caused by a previously unknown flaw [ ] in its Win32k Truetype font parsing engine.

As yet, the company has only issued a temporary workaround, which can be downloaded here and prevents the exploit from working.Microsoft admits, however, that the quick fix may cause some documents to display incorrectly.

Engineers are said to be working on a permanent fix to the problem - but Microsoft said the solution was unlikely to be ready this month, and did not offer a release date.

According to Microsoft's advisory, the vulnerability in its code allowed hackers to "install programs; view, change or delete data; or create new accounts with full user rights", adding: "This vulnerability is related to the Duqu malware."

Duqu - which shows striking similarities to earlier malware Stuxnet - is believed to be used to identify and steal documents from organisations for the purposes of industrial espionage. It was first reported on Wednesday that the Trojan had spread thanks to a vulnerability in Microsoft Word.

Security firm Symantec has confirmed Duqu infections at six different computer networks belonging to unidentified organisations in eight countries.