MS14-079 - Moderate: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service...

Discussion in 'Security Alerts' started by News, Nov 12, 2014.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Severity Rating: Moderate
    Revision Note: V1.0 (November 11, 2014): Bulletin published.
    Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer. In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to persuade users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.

    Continue reading...

Share This Page