Microsoft is investigating a vulnerability in a Windows component, the Win32k TrueType font parsing engine. By exploiting the vulnerability an attacker may be able to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Microsoft is aware of targeted attacks that try to exploit this vulnerability. Duqu malware is reported to be exploiting the vulnerability.
At the moment there is no patch against the vulnerability available. However, has listed some workarounds to mitigate the problem. More information about this can be read from the Microsoft Security Advisory (2639658).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment