Microsoft has issued a work-around for the attack against the Win32k TrueType font parsing engine, which is an advanced piece of malicious software still undergoing analysis by researchers.
As Microsoft builds a patch for the vulnerability, they have issued a temporary work-around to "blunt" attacks against the Win32k TrueType font parsing engine--Duqu attacks. This attack can be delivered by a malicious Microsoft Word document, which could easily be sent as an email attachment or distributed by a website download.
Microsoft's workarounds are a few lines of code that run at an administrative command prompt. But, by running the code, it would cause some applications that rely on embedded font technology to not run correctly or display properly.
The workarounds apply to Microsoft's XP, Vista and 7 operating systems as well as to various Windows Server products.