Last week, a very significant, previously unidentified Microsoft Windows flaw was announced. The flaw allows remote attackers to execute arbitrary code via crafted font data in Word documents, and it is being actively exploited in the wild by the Duqu worm/trojan.
Considerations
- Research the vulnerability and known exploits/threats (see links below for a good start).
- Triage the vulnerability (see Vulnerability Triage Process below if you don’t already have a method) to determine the appropriate threat mitigation strategy.
- Communicate the potential risk and plan of attack to management (solicit feedback/approval).
- Test workaround/mitigation strategy before deployment.
- Adjust strategy (if necessary) and execute plan.
Vulnerability Research
Exploit/Threat Research
Vulnerability Triage Process
Cisco’s Vulnerability Risk Triage Model