Impact of workaround #1: Windows Explorer will not automatically display OTF fonts. Refer to Microsoft Security Bulletin MS11-007 for further details.

1) Disable the Preview Pane and Details Pane in Windows Explorer.

Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2
Windows XP Professional x64 Edition Service Pack 2

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Following are links for downloading patches to fix the vulnerabilities:

Windows Embedded Systems: For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):

February 2011 Security Updates for XPe and Standard 2009 Runtimes Are Now Available on ECE (KB2485376)

An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Microsoft has released a security update that addresses the vulnerability by correcting the manner in which the Windows OpenType Compact Font Format (CFF) driver validates the parameter values of specially crafted OpenType fonts.
OpenType fonts can contain either PostScript Type 1 or TrueType outlines.

A remote code execution vulnerability exists in the way that the Windows OpenType Compact Font Format (CFF) driver improperly parses specially crafted OpenType fonts. An OpenType CFF font is an OpenType font that contains PostScript Type 1 outlines. OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format.

Microsoft OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (MS11-007)

Qualys has released the following checks for these new vulnerabilities:

To fix newly discovered flaws in their software.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition. Visit Qualys Security Blog to prioritize remediation.

Their networks for these and other new vulnerabilities by accessing Vulnerability checks in the Qualys Cloud Platform to protect

Announced today by Microsoft.

Qualys Vulnerability R&D Lab has released new