MS Traces Duqu Zero-Day To Font Parsing In Win32k

MS Traces Duqu Zero-Day To Font Parsing In Win32k 221

Posted by timothy on Saturday November 05, 2011 @07:00AM from the if-only-smarts-and-ethics-went-together dept.

yuhong writes "MS has traced the Duqu zero-day to a vulnerability in font parsing in win32k. Many file formats like HTML, Office, and PDF support embedded fonts, and in NT4 and later fonts are parsed in kernel mode! Other possible attack vectors, for example, include web pages visited using web browsers that support embedded fonts without the OTS font sanitizer (which recent versions of Firefox and Chrome have adopted)." Adds reader Trailrunner7: "This is the first time that the exact location and nature of the flaw has been made public. Microsoft said that the permanent fix for the new vulnerability will not be ready in time for next week's November patch Tuesday release."

MS Traces Duqu Zero-Day To Font Parsing In Win32k

Search 221 Comments Log In/Create an Account

Comments Filter:

brb banging head against wall (Score:2, Funny)

by admiralranga ( 2007120 ) writes: on Saturday November 05, 2011 @07:18AM (#37956724)

FFS microsoft, I'm a highschooler and I think that a really bad idea. How do mistakes like that get through q&a?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

MS Traces Duqu Zero-Day To Font Parsing In Win32k 221

MS Traces Duqu Zero-Day To Font Parsing In Win32k More Login

MS Traces Duqu Zero-Day To Font Parsing In Win32k

brb banging head against wall (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot