Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.2

Revision Note: V1.2 (November 4, 2011): Revised the workaround, Deny access to T2EMBED.DLL, to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers with non-English versions of Microsoft Windows should reevaluate the applicability of the revised workaround for their environment.
Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

PandaLabs Report – Q3 2011

The new PandaLabs Report Q3 11 is out. Take a look at what has happened in the computer security field during the last 3 months. Just click on the picture. In this quarter 5 million new malware samples have been created and the record of new Trojans has been broken, as it is the preferred category by [...]

Deobfuscating malicious code layer by layer

Article written by David Sánchez Lavado. This post explains how to analyze the malicious code used in current Exploit Kits. There are many ways to analyze this type of code, and you can find tools that do most of the job automatically. However, as researchers who like to understand how things work, we are going [...]

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution – Version: 11.0

Revision Note: V11.0 (October 11, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, “Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;” and MS11-076, “Vulnerability in Windows Media Center Could Allow Remote Code Execution.”
Summary: Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.

Microsoft Security Advisory (2588513): Vulnerability in SSL/TLS Could Allow Information Disclosure – Version: 1.0

Revision Note: V1.0 (September 26, 2011): Advisory published.
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.