Microsoft Security Advisory (2639658) Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

https://technet.microsoft.com/en-us/security/advisory/2639658

"A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the Win32k kernel-mode driver (win32k.sys) when parsing TrueType fonts.

Successful exploitation allows execution of arbitrary code."

"Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware."

There are recommendations on the Microsoft advisory website that include denying access to T2EMBED.DLL.

Until Microsoft releases an official patch, it may be a good idea to install the workaround especially since this exploit has been tied to Duqu.

Thanks,
ep