
MS Patch Tuesday: Another critical font engine vulnerability

13 January 2010 03:13 am


The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts.

The update is rated “critical” but Microsoft says there is a low likelihood of exploitation on its newer operating systems.

The vulnerability, which was discovered by Google security engineer Tavis Ormandy, is a remote code execution issue in the way that the Microsoft Windows Embedded OpenType (EOT) Font Engine decompresses specially crafted EOT fonts.

From the MS10-001 advisory:

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Because Microsoft considers this a very difficult vulnerability to exploit on most operating systems, it is rated “critical” only for Windows 2000.

However, it’s important to note that Windows XP, Windows Vista and Windows 7 are all affected by this flaw.

The Microsoft Security Research & Defense blog explains in more detail:

What is the issue?
t2embed.dll improperly performs bounds-checking on lengths which are decoded from the LZCOMP bit-stream. This made it possible for a copy loop to violate the intended working buffer.

Is the EOT functionality reachable through 3rd party code?
Yes, the t2embed library provides EOT functionality that can be used by 3rd party code.  Many 3rd parties import t2embed for their font rendering, though some may choose to implement their own font rendering.

Why an Exploitability Index rating of 2?
The Exploitability Index rating of 2 is due to the low likelihood of successful exploitation. Hurdles exist around heap preparation and predictability, heap data corruption, and a race condition to get an exception handler making successful exploitation unlikely.
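The bug class described in the blog excerpt above, as an added example in C that is not Microsoft's code: a decoder for a toy LZ77-style token format (constructed here, not the real LZCOMP format) that validates the decoded distance and length before the copy loop runs. The function name, token layout and error codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy LZ77-style token stream (constructed for illustration, NOT LZCOMP):
 *   0x00 <byte>               literal byte
 *   0x01 <distance> <length>  copy <length> bytes from <distance> bytes back
 */
enum { LZ_OK = 0, LZ_TRUNCATED = -1, LZ_BAD_DISTANCE = -2,
       LZ_OVERFLOW = -3, LZ_BAD_TOKEN = -4 };

int lz_decode(const uint8_t *in, size_t in_len,
              uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t ip = 0, op = 0;   /* invariant: op <= out_cap at all times */

    while (ip < in_len) {
        uint8_t tag = in[ip++];
        if (tag == 0x00) {
            if (ip >= in_len) return LZ_TRUNCATED;
            if (op >= out_cap) return LZ_OVERFLOW;
            out[op++] = in[ip++];
        } else if (tag == 0x01) {
            if (in_len - ip < 2) return LZ_TRUNCATED;
            size_t dist = in[ip++];
            size_t len  = in[ip++];
            /* The copy source must lie inside data already written. */
            if (dist == 0 || dist > op) return LZ_BAD_DISTANCE;
            /* The decoded length comes from untrusted input: check it against
             * the space left BEFORE the copy loop runs. Written as a
             * subtraction so the comparison itself cannot wrap. */
            if (len > out_cap - op) return LZ_OVERFLOW;
            /* Byte-wise copy: overlapping runs (dist < len) are valid LZ77. */
            for (size_t i = 0; i < len; i++, op++)
                out[op] = out[op - dist];
        } else {
            return LZ_BAD_TOKEN;
        }
    }
    *out_len = op;
    return LZ_OK;
}
```

A decoder that omits the length check relies on the stream being well formed, which is the condition the advisory says a crafted font violates.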

The company warned that a malicious hacker could use rigged fonts (EOT) delivered within files hosted on Web sites that are rendered in all versions of Internet Explorer by default.

An attacker could also use malicious Office documents e-mailed to victims. In a successful attack, a user running an unpatched machine would have to be tricked into opening a PowerPoint or Word document that contains a malformed embedded font.
