Sourcefire Vulnerability Research Team Labs
VRT Certified Rule Information for Microsoft Security Advisories
As part of the Microsoft
Active Protections Program (MAPP), the Sourcefire VRT has released
detection content to help protect customers from attacks targeting the
vulnerabilities for the following Microsoft Security Advisories:
| Microsoft Advisory | Applicable Rules |
|---|---|
| Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (2639658) | WEB-CLIENT Microsoft TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (3:20539) |

The Microsoft Windows TrueType font parsing engine contains a vulnerability that may allow a remote attacker to execute code on an affected system. Successful exploitation of this vulnerability may allow the attacker to execute code in kernel mode. This vulnerability is also related to the Duqu malware.

For more details, including work-arounds, see the Microsoft advisory listed in the table.

GID 3, SID 20539 has been released to detect attacks targeting this vulnerability. Sourcefire customers can download the protection from the Sourcefire Customer Support Site; VRT Certified Rule subscribers can download the protection from snort.org.

Microsoft Advisory to Rule mapping archive
View the archive