Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation


Extraordinary Robot
News Feed
Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary. Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address a reoffer issue on Windows XP and Windows Server 2003. Also, revised the mitigating factors.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.