[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'

Notification of New Vulnerabilities to Windows Systems Fixlet Messages winvulns-announcements at bigmail.bigfix.com
Fri Oct 24 05:21:26 PDT 2014


Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 408	Published: Thu, 23 Oct 2014 19:23:55  GMT

New Fixlets:
============

***************************************************************
Title: TrueType font parsing remote code execution vulnerability - CVE-2014-4148 (MS14-058)
Severity: High
Fixlet ID: 2642201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval26422.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4148
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo

Fixlet Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."


