Microsoft released temporary fix for Kernel 0-day Security Flaw


Few days back, Symantec and the Laboratory of Cryptography and System Security (CrySyS) discovered the zero day security flaw in windows kernel while analyzing the Duqu malware.  Microsoft released a temporary fix this problem.  Microsoft determine the problem is in the Win32k TrueType font(TTF) parsing engine.

An attacker can exploit this vulnerability and install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft is working on to fix this vulnerability with partners in Microsoft Active Protections Program (MAPP). In mean time, Microsoft released "Fix this problem" tool as a temporary solution.

This tool will disable the system access to the T2embed.dll file. The problem with that is it will prevent any applications that rely on embedded TTFs from rendering properly. This is a common practice in Microsoft Office documents, browsers and document viewers.

Category: / / /

Share this with Your friends: