The Trojan malware is thought to have been designed to steal data from industrial organisations.
Microsoft said it has traced the root of the exploit back to a flaw in its Win32k Truetype font parsing engine.
It offered a workaround download and said its engineers were working on a definitive security update.
Microsoft said the vulnerability in its code allowed attackers to “install programs; view, change or delete data; or create new accounts with full user rights”.
“This vulnerability is related to the Duqu malware,” it said.
Microsoft said the full update would not be ready this month, and did not provide a target release date.
In the meantime it said that the workaround will cause some documents to “fail to display properly”.
Read more - BBC News