out-of-band patch for Windows operating systems zero-day released by Microsoft

According to Trend Micro a vulnerability (CVE-2015-2426)has been found in Microsoft operating systems allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Driver Vulnerability” (Adobe Type Manager Library handles OpenType fonts and can be exploited with a specially crafted document or by luring a victim to a malicious Web site.)reported to MS. They released a rare, out-of-band patch to resolve a Windows zero-day vulnerability on this tuesday.

https://technet.microsoft.com/en-us/library/security/MS15-078

In addition, the fixes in this bulletin supersede those in https://technet.microsoft.com/en-us/library/security/MS15-077

The leaked documents stated that the memory corruption of atmfd.dll (an Adobe kernel module) would lead to privilege escalation on Windows 8.1 x64. This is a complete exploit which allows even an escape of the Chrome sandbox through a kernel bug; the proof0of-concept exploit code runs the Windows calculator calc.exe with system privileges under winlogon.exe.

for more read Trend Micro blog
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-leak-uncovers-another-windows-zero-day-ms-releases-patch/

Advertisements

Posted on July 24, 2015, in Windows. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: