Posted on 07/20/2015 1:58:13 PM PDT by dayglored
Microsoft has, in the past couple of minutes, released a security update for all supported versions of Windows to fix a critical remote-code execution vulnerability.
Details of the vulnerability were found and reported to Microsoft by security researchers poring over internal memos leaked online from spyware-maker Hacking Team. This follows an elevation-of-privilege hole in Windows, and a remote-code execution vuln in Internet Explorer 11, that were also uncovered from the Hacking Team files, and patched last week by Microsoft.
This latest security flaw (MS15-078) lies within the Windows Adobe Type Manager Library, and can be exploited by attackers to hijack PCs, infect them with malware, and so on. A victim who opens a document or even a webpage that contains a malicious embedded OpenType font file can be attacked thanks to this vulnerability.
Microsoft explained in an advisory:
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ... There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers. Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability.
(Excerpt) Read more at theregister.co.uk ...
Thanks to ShadowAce for the heads up!!
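As an added example, not taken from the article or from anyone in this thread, here is a small Python triage helper for the attack vector the excerpt describes: it scans a byte buffer (a saved web page, a PDF, an Office file) for embedded OpenType/TrueType font blobs by their sfnt header magic and reports table directories that point outside the data, the kind of malformed input a defender would want to pull aside for inspection. The function names, the `build_sfnt` helper and the `SAMPLE` buffer are all constructed here.

```python
import struct
# sfntVersion values that open an OpenType/TrueType font (CFF or TrueType outlines)
SFNT_MAGICS = {b"OTTO": "cff-outlines", b"\x00\x01\x00\x00": "truetype-outlines"}

def parse_sfnt_at(data, start, flavor, max_tables=64):
    """Validate an sfnt header at `start`; return a dict, or None if not plausibly a font."""
    if start + 12 > len(data):
        return None
    num_tables = struct.unpack_from(">H", data, start + 4)[0]
    if not 0 < num_tables <= max_tables:
        return None
    font = {"offset": start, "flavor": flavor, "tables": [], "malformed": []}
    for i in range(num_tables):
        rec = start + 12 + 16 * i  # each table record is 16 bytes: tag, checksum, offset, length
        if rec + 16 > len(data):
            font["malformed"].append(f"directory truncated at record {i}")
            break
        tag, _csum, off, length = struct.unpack_from(">4sIII", data, rec)
        if not all(0x20 <= b < 0x7F for b in tag):
            if i == 0:  # unreadable first tag: a false hit on the magic bytes, not a font
                return None
            font["malformed"].append(f"record {i} has a non-ASCII tag")
            continue
        name = tag.decode("ascii")
        font["tables"].append(name)
        if start + off + length > len(data):  # table body claims bytes that do not exist
            font["malformed"].append(f"table {name} points outside the data")
    return font

def find_embedded_fonts(data):
    """Scan any byte buffer (saved page, PDF, Office file) for embedded sfnt fonts."""
    found = []
    for magic, flavor in SFNT_MAGICS.items():
        pos = data.find(magic)
        while pos != -1:
            font = parse_sfnt_at(data, pos, flavor)
            if font:
                found.append(font)
            pos = data.find(magic, pos + 1)
    return found

def build_sfnt(magic, records):
    """Constructed helper: emit an sfnt header plus table directory (no table bodies)."""
    hdr = magic + struct.pack(">HHHH", len(records), 0, 0, 0)
    return hdr + b"".join(struct.pack(">4sIII", t, 0, o, n) for t, o, n in records)

# Constructed sample: an HTML body carrying one well-formed CFF font, then a second
# font whose 'CFF ' table claims a length reaching far past the end of the data.
SAMPLE = (b"<html><p>hello</p>" + build_sfnt(b"OTTO", [(b"CFF ", 44, 4), (b"cmap", 48, 4)])
          + b"\x00" * 8 + b"<p>more</p>"
          + build_sfnt(b"OTTO", [(b"CFF ", 28, 0xFFFF0000)]) + b"</html>")
```

Run `find_embedded_fonts(SAMPLE)` to see both fonts reported, with the second one carrying a `malformed` entry; an empty `malformed` list only means the directory is self-consistent, not that the font is safe to render.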
Except for one thing: I don’t run Internet Explorer as my default web browser. I run Google Chrome Version 43.0.2357.134 as my default web browser.
This one is in a Windows OS font driver common to all versions. Doesn't have anything to do with which browser you use.
None of my biz - intention is to ensure people know that Google Chrome (and actually all Google products) share your data with its servers, unless you take specific action to disable their privacy-breaching, data-exfiltrating features.
Google is a bad anti-right-to-privacy actor.
Here’s a paper Google authored explaining how they get your data and all of the measures you need to take to disable that.
https://www.google.com/chrome/browser/privacy/whitepaper.html
I use Mozilla Firefox in privacy mode, and only conduct searches using Startpage.com <- they are hosted in the Netherlands and do not keep your search info.
(However, your ISP may.)
Done, thanks.
Thank you
Thanks for the heads-up, guys!
Wow, that’s NASTY. Kernel-mode access from a simple website font. YIKES!
Wanna bet it is Yet Another Buffer Overflow... the problem is not the font — it is the silly software that is supposed to be able to handle it correctly no matter what it is.
To assume that third party data is always going to be friendly to your application is very foolish!
This is a kernel-mode vulnerability that takes advantage of the fact that Microsoft’s font controls are at the kernel. Fonts are often cited as a vector for vulnerabilities due to the need for elevated privileges to display them. Not sure I understand the mechanism well enough, but I don’t think it’s buffer overflow. I’ve been wrong before.
It’s also worthwhile to note this is related to OpenType fonts, which are very popular in web design, as I understand it.
Something is causing the driver to go looey... you’d think that part of the kernel would be armor plated against this kind of Roto-Rooter. Data that goes one inch beyond what it should will be cut off. Still thinking buffer overflow, that is the Occam’s Razor view of the problem.
I’ve seen attacks occur without so much as a blip in resource monitoring. The most reliable monitoring for hacking is through network tools. It’s amazing what the Chinese and Russians try to do against your average network on a daily basis.
I’s talking about sofwere injuneerin. The wildcat wants to get loose, so you put ‘im in a cage. Simple no? HiTech
You’re 100% by my estimation. I’m a systems architect, but I can’t argue with your logic.
Bump! Thanks for the heads up!