DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > Fonts & Typography

Reply
 
Thread Tools Display Modes
Old 11-04-2011, 03:08 PM   #1
Hugh Wyn Griffith
Member
 
Join Date: Jan 2005
Posts: 2,431
Default MS advises True Type attack vulnerability

Just came across a reference to this in the Norton Forums:

=====================

Microsoft Security Advisory (2639658)

Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege


Executive Summary

Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

[ ... ]



Mitigating Factors
  • The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
=================================

One of my Norton colleagues added this comment:


Quote:
This zero-day vulnerability is associated with the Duqu worm which targets industial operations and is spread in email attachments. Norton currently protects against Duqu itself, and according to this Microsoft TechNet blog all security vendors should have signatures to block exploitation of the vulnerability within hours

   
__________________


Hugh
Hugh Wyn Griffith is offline   Reply With Quote
Old 11-04-2011, 06:48 PM   #2
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,713
Default

Hugh ... wow. Ugly. Thanks for posting that.

I've found a few MS links that include one of their FixIt thingies and a command line workaround. Both disable the system's ability to use embedded fonts, which should make it safe to open received Word, PowerPoint etc. files.

Posted them here:

MS warns of TrueType attack vulnerability
http://www.pptfaq.com/FAQ01135_MS_wa...nerability.htm

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 11-05-2011, 08:18 AM   #3
Hugh Wyn Griffith
Member
 
Join Date: Jan 2005
Posts: 2,431
Default

I gather from Norton that the attack is directed at business users rather than they home type and so most of us need not worry -- especially if they do as they always should and not open attactments unless they are from someone they know and expected.

   
__________________


Hugh
Hugh Wyn Griffith is offline   Reply With Quote
Old 11-05-2011, 02:40 PM   #4
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,713
Default

If people did as they always should, we'd have very few malware/virus problems.

My rule of thumb is that attachments hit the trash, or at least remain unopened unless the sender's known AND the body of the email contains an explanation of what the file is and why I might want to open it and the explanation is in a voice that sounds as though it matches the sender's.

If the explat sounds like Chinese googlemangled into English and I haven't asked the person for a file, it gets binned, no questions asked. Life's too short and cleaning up computers is too long.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 11-05-2011, 02:50 PM   #5
Hugh Wyn Griffith
Member
 
Join Date: Jan 2005
Posts: 2,431
Default

I find looking at Properties / View Source of the message is often very informative ...

   
__________________


Hugh
Hugh Wyn Griffith is offline   Reply With Quote
Old 11-06-2011, 09:07 AM   #6
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,713
Default

>> I find looking at Properties / View Source of the message is often very informative ...

Likewise. But when offering advice to the general computing public, I like to apply the "Would my mom understand how to do this?" test.

Mom doesn't want to hear about reading raw email headers, but she understands "Do I know this person? No? DEL" ;-)

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 11-06-2011, 05:52 PM   #7
Hugh Wyn Griffith
Member
 
Join Date: Jan 2005
Posts: 2,431
Default

Quote:
Originally Posted by Steve Rindsberg View Post
>> [ ... ]

Mom doesn't want to hear about reading raw email headers, but she understands "Do I know this person? No? DEL" ;-)
But the danger is when the incoming From is spoofed and she does know the name ....

My wife has adopted "if it has an attachment I don't open it PERIOD I ask Hugh"

   
__________________


Hugh
Hugh Wyn Griffith is offline   Reply With Quote
Old 11-07-2011, 07:24 AM   #8
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,713
Default

>> But the danger is when the incoming From is spoofed and she does know the name ....

That's why I'd insist that the body of the email offer an explanation of the attachment (or for that matter, any links in the email) and that it sound as though the alleged sender actually wrote it.

"Hey, this is funny, check it out" gets binned, no questions, no remorse.

Even the headers are no protection, really. It might really have come from the friend it purports to. Or at least from their computer. The one infested with malware that sends copies of itself out via "This is funny" messages with links to drive-by web sites.

>> My wife has adopted "if it has an attachment I don't open it PERIOD I ask Hugh"

Smart of you to have married such a wise woman. That makes two of us. ;-)

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Acrobat/Reader vulnerability Steve Rindsberg Software 4 02-21-2009 09:51 AM
Windows True Type on Mac OSX bmann Fonts & Typography 21 07-03-2006 02:49 PM
It's true! annc The Corner Pub 7 11-28-2005 07:34 PM
Please tell me this isn't true! Robin Springall Print Design 10 02-24-2005 11:00 AM


All times are GMT -8. The time now is 05:59 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.