CERT mailing list archives
Current Activity - Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 15 Dec 2011 11:04:42 -0500
US-CERT Current Activity

Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing

Original release date: November 4, 2011 at 8:27 am
Last revised: December 15, 2011 at 9:44 am

Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated that it is aware of targeted attacks exploiting this vulnerability. The Duqu malware may exploit this vulnerability.

UPDATE: Microsoft has provided an update to address this vulnerability in Microsoft Security Bulletin MS11-087.

US-CERT encourages users and administrators to take the following actions to help mitigate the risks of this vulnerability and the Duqu malware:

* Review Microsoft Security Advisory 2639658 and apply the patch provided in Microsoft Security Bulletin MS11-087.
* Use caution when opening attachments in email messages.
* Maintain up-to-date antivirus software.

Relevant Url(s):
<http://technet.microsoft.com/en-us/security/advisory/2639658>
<http://technet.microsoft.com/en-us/security/bulletin/ms11-087>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory_for4