Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation

Discussion in 'Security Alerts' started by News, Nov 3, 2011.

  1. News

    News Extraordinary Robot
    News Feed

    Joined:
    Jun 27, 2006
    Messages:
    26,203
    Likes Received:
    20
    Revision Note: V1.0 (November 3, 2011): Advisory published.
    Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

    More...
     

Share This Page

Loading...