Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing

Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code.

Microsoft has indicated that it is aware of targeted attacks exploiting this vulnerability. The Duqu malware may exploit this vulnerability.

UPDATE: Microsoft has provided an update to address this vulnerability in Microsoft Security Bulletin MS11-087.

US-CERT encourages users and administrators to take the following actions to help mitigate the risks of this vulnerability and the Duqu malware:

Review Microsoft Security Advisory 2639658 and apply the patch provided in Microsoft Security Bulletin MS11-087.
Use caution when opening attachments in email messages.
Maintain up-to-date antivirus software.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing

Recent Posts

Apple Releases Security Updates for Multiple Products

CISA Releases One Industrial Control Systems Advisory

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

CISA Releases Four Industrial Control Systems Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes