MS Advisory updates - TrueType Font Parsing + Insecure Lib Load
FYI...
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2269637
• V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085*, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/...letin/ms11-085
Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/...visory/2639658
• V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
"... vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability..."
> http://support.microsoft.com/kb/2639658#FixItForMe
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)
- http://labs.m86security.com/2011/11/...ero-day-event/
November 8th, 2011
___
A simple test of the Duqu workaround...
- http://blogs.computerworld.com/19256...und_is_working
November 12, 2011
