Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Following the usual cycle of monthly patch releases, Microsoft just issued its first for this year yesterday. Microsoft has released one advisory to address the vulnerability found in the way the Embedded OpenType (EOT) Font Engine can render a specially crafted EOT font file in several Microsoft applications such as Internet Explorer (IE), PowerPoint, and Word.

    An EOT font is a type of OpenType font with the .eot extension. Microsoft created EOT fonts to have them embedded in Web pages to discourage copying (and eventually, using) copyrighted fonts online, which is almost always a possibility.

    According to the official Microsoft bulletin, once the EOT Engine renders a malformed .EOT file, attackers could use the vulnerability to take complete control of the system. This means that they would be able to perform tasks on an affected machine such as installing new programs, deleting important files, or creating new accounts, all without the user’s knowledge. Microsoft has given MS10-001 an Exploitability Index rating of “2,” which means it can be replicated but the outcome of its use would always vary, thus, inconsistent. Note, however, that this rating only applies to systems running Windows 2000. Later versions are unlikely to be exploited.

    In the same vein, Adobe also released a security update detailing new patches for Reader and Acrobat. The patches address vulnerabilities we found and wrote about last month and last week.

    Below is a list of other updates regarding vulnerabilities and patches:

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice