You can't even trust a good font

November 4, 2011

Given enough time and skill, you can likely find a vulnerability in just about any piece of software. But Microsoft appears to make it exceptionally easy and provides ample motivation.

Tags: #infosec #microsoft #vulnerability

Reshared post from +Jacob Smock

Really Microsoft?

Attached Link:

Microsoft Security Advisory (2639658): Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code…

To comment or reply: View post on Google+

Tags: , ,

3 Responses to You can't even trust a good font

  1. Dave Grega on November 4, 2011 at 3:32 pm

    This is what happens when you let display drivers run in kernel mode :/.

  2. Jacob Smock on November 4, 2011 at 3:42 pm

    I would think you should limit as much as possible running in kernel mode but what do I know.

  3. Kristopher Jordy on November 4, 2011 at 3:44 pm

    I'm sure Microsoft knows better, let's just leave it up to them. They would never let us down, right?

Leave A Reply.

To comment or reply, please view the original post on Google+ by using the link provided above.

Switch to our mobile site