![]() Symantec will continue to investigate this vulnerability and provide more details as they become available. We recommend that all users apply the patch published in Microsoft Security Bulletin MS14-058. On October 14, 2014, Microsoft issued a security bulletin which provides a patch for the vulnerability. ![]() Symantec regards this vulnerability as critical since it affects all supported versions of the Windows OS and allows an attacker to execute code remotely on the compromised computer. The payload was a somewhat sophisticated remote access Trojan (RAT) that would run from memory. Symantec Endpoint Security Complete + Support Initial Hybrid Subscription - 1 Device - 1 Year - Price Level (1-24) License - Volume MFG. The attack consisted of a document with a malicious TTF, which when viewed on a vulnerable computer would result in the execution of additional malware. The Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability (CVE 2014-4148) is reportedly being exploited to gain remote access into an international organization. Symantec is investigating reports that a zero-day vulnerability affecting Microsoft Windows TrueType Font (TTF) parsing is being exploited in a limited number of attacks.
0 Comments
Leave a Reply. |