
Windows Font Vulnerability Discovered

M86 Security : 09 November, 2011  (Technical Article)
Discovered malware exploits vulnerability in embedded Windows TrueType font
A new vulnerability in Windows, CVE-2011-3402, has recently been identified and is already being exploited in the wild. So far, only a handful of targeted attacks have been found. The vulnerability exists in the Windows TrueType font parsing engine and affects most Windows versions, including Windows 7.

An attack involves a file with a maliciously crafted TrueType font (TTF) file embedded in it. Several file formats use TrueType fonts, for example those of Microsoft Office and Adobe Acrobat Reader. In the currently known targeted attacks, a Microsoft Word document was used. When the document is rendered on a vulnerable system, parsing the TTF file may result in execution of malicious code. Microsoft has released an advisory for this issue along with a FixIt tool as a workaround. The tool disables access to the system file T2embed.dll in order to prevent TrueType font processing. A word of caution, however: applications that use these fonts may break after this workaround is deployed.
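Because the workaround can break applications, it helps to know which hosts have it in place. The following PowerShell audit is an added example, not code from Microsoft or M86 Security. It assumes the workaround shows up as a Deny entry for Everyone on the file's ACL and that the file lives in System32 (and SysWOW64 on 64-bit systems); the function name and state labels are made up for this illustration.

```powershell
# Added example: report whether access to t2embed.dll is blocked on this host.
# Assumption: the workaround appears as a Deny ACE for Everyone (SID S-1-1-0).
function Get-T2EmbedAccessState {
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return 'NotPresent' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A non-owner may be unable to read the ACL once Everyone is denied access.
        return 'AclUnreadable'
    }
    # Resolve identities as SIDs so the check works on localized Windows builds.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $need    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $deny     = $rule.AccessControlType -eq 'Deny'
        $everyone = $rule.IdentityReference.Value -eq 'S-1-1-0'
        $covers   = ($rule.FileSystemRights -band $need) -eq $need
        if ($deny -and $everyone -and $covers) { return 'Denied' }
    }
    return 'Accessible'
}

# Assumed locations: System32, plus SysWOW64 on 64-bit Windows.
$paths = @("$env:windir\System32\t2embed.dll", "$env:windir\SysWOW64\t2embed.dll")
foreach ($p in $paths) {
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Path     = $p
        State    = Get-T2EmbedAccessState -Path $p
    }
}
```

Run it from an elevated prompt; a state of `Accessible` means the font library can still be loaded on that host, and `Denied` marks hosts where font-dependent applications may misbehave.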

In the known attacks, the installed malware is known as Duqu. The Laboratory of Cryptography and System Security (CrySyS) at Budapest University first reported these attacks, which were thoroughly investigated by that team and by Symantec in the following article.

M86 Security Secure Web Gateway (SWG) can be deployed with any of three antivirus scanners, Kaspersky, McAfee and Sophos, and all three have already released protection. No additional Security Update by M86 Security is required. In addition, M86 Security is investigating adding more layers of protection in the future. Keep in mind that these attacks are not currently delivered via web browser, but that could change in the future.
   © 2012 ProSecurityZone.com