Lively discussions on the graphic arts and publishing — in print or on the web

Go Back   Desktop Publishing Forum > General Discussions > Fonts & Typography

Thread Tools Display Modes
Prev Previous Post   Next Post Next
Old 11-04-2011, 03:08 PM   #1
Hugh Wyn Griffith
Join Date: Jan 2005
Posts: 2,485
Default MS advises True Type attack vulnerability

Just came across a reference to this in the Norton Forums:


Microsoft Security Advisory (2639658)

Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Executive Summary

Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

[ ... ]

Mitigating Factors
  • The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

One of my Norton colleagues added this comment:

This zero-day vulnerability is associated with the Duqu worm which targets industial operations and is spread in email attachments. Norton currently protects against Duqu itself, and according to this Microsoft TechNet blog all security vendors should have signatures to block exploitation of the vulnerability within hours


Hugh Wyn Griffith is offline   Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Acrobat/Reader vulnerability Steve Rindsberg Software 4 02-21-2009 09:51 AM
Windows True Type on Mac OSX bmann Fonts & Typography 21 07-03-2006 02:49 PM
It's true! annc The Corner Pub 7 11-28-2005 07:34 PM
Please tell me this isn't true! Robin Springall Print Design 10 02-24-2005 11:00 AM

All times are GMT -8. The time now is 03:05 AM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
Contents copyright 2004–2018 Desktop Publishing Forum and its members.