In the company's security advisory Microsoft said that attackers exploiting the TrueType vulnerability—which Duqu exploited through a Microsoft Word document—could gain access to the Windows kernel and run shell code. "The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft's statement said.
As a temporary workaround, Microsoft recommends shutting off access to T2EMBED.DLL, the dynamic link library that allows applications to display TrueType fonts. While the fix will prevent attacks, it also means that fonts won't display properly in applications. But Microsoft's security team sees the threat from Duqu as limited, stating that "overall, we see low customer impact at this time."