[BigFix-Announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Enterprise Security'
autonotify at us.ibm.com
autonotify at us.ibm.com
Tue Nov 8 02:02:40 PST 2011
Fixlet Site - 'Enterprise Security'
Current Version: 1538 Published: Tue, 08 Nov 2011 07:01:28 GMT
New Fixlets:
============
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Workaround
Severity: <Unspecified>
Fixlet ID: 263965801
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet implements the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Undo Workaround
Severity: <Unspecified>
Fixlet ID: 263965802
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet undoes the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Workaround (x64)
Severity: <Unspecified>
Fixlet ID: 263965803
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet implements the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Undo Workaround (x64)
Severity: <Unspecified>
Fixlet ID: 263965804
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet undoes the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Workaround - Windows Vista / 2008 / 7
Severity: <Unspecified>
Fixlet ID: 263965805
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet implements the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Undo Workaround - Windows Vista / 2008 / 7
Severity: <Unspecified>
Fixlet ID: 263965806
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet undoes the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Workaround - Windows Vista / 2008 / 7 / 2008R2 (x64)
Severity: <Unspecified>
Fixlet ID: 263965807
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet implements the workaround outlined in security advisory 2639658.
***************************************************************
Title: Security Advisory 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege - Undo Workaround - Windows Vista / 2008 / 7 / 2008R2 (x64)
Severity: <Unspecified>
Fixlet ID: 263965808
Fixlet Link: http://technet.microsoft.com/en-us/security/advisory/2639658
Fixlet Description: Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Applying this fixlet undoes the workaround outlined in security advisory 2639658.
More information about the BigFix-Announcements
mailing list