Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security

MS Traces Duqu Zero-Day To Font Parsing In Win32k 221

yuhong writes "MS has traced the Duqu zero-day to a vulnerability in font parsing in win32k. Many file formats like HTML, Office, and PDF support embedded fonts, and in NT4 and later fonts are parsed in kernel mode! Other possible attack vectors, for example, include web pages visited using web browsers that support embedded fonts without the OTS font sanitizer (which recent versions of Firefox and Chrome have adopted)." Adds reader Trailrunner7: "This is the first time that the exact location and nature of the flaw has been made public. Microsoft said that the permanent fix for the new vulnerability will not be ready in time for next week's November patch Tuesday release."

Slashdot Top Deals

Were there fewer fools, knaves would starve. - Anonymous

Working...