Hong Kong, AVAR 2011
Greetings from Hong Kong! This week we are enjoying the security conference AVAR, which is taking place in Hong Kong. Some interesting topics are being covered, such as the talk “Malware in EFI”, where Intel’s Igor Muttik showed us how malware could take advantage of the EFI (Extensible Firmware Interface) and the challenges we [...]
Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.4
Revision Note: V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.
Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 1.0
Revision Note: V1.0 (November 10, 2011): Advisory published.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512-bit keys. These weak encryption keys, once broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.
Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.3
Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.
Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution – Version: 12.0
Revision Note: V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085, “Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution.”
Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.
