Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 2.0
Revision Note: V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletins. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS11-087 to address this issue. For more information about this issue, including download links for an available security update, please review MS11-087. The vulnerability addressed [...]
Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 2.0
Revision Note: V2.0 (November 16, 2011): Revised to announce the rerelease of the KB261690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690 under Known Issues in the Executive Summary. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) [...]
Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.4
Revision Note: V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality. Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel [...]
Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing – Version: 1.0
Revision Note: V1.0 (November 10, 2011): Advisory published. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform [...]
Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege – Version: 1.3
Revision Note: V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary. Summary: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; [...]