Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.
Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.
Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a True Type Font to trigger the bug.
[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.
Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.
(Score: 3, Insightful) by tibman on Sunday October 23 2016, @04:11PM
WYSIWYG only works if everyone is using the exact same implementation of the standard. Because usually the standard will have holes in it where implementors have to improvise. In the case of html/css the implementors are often ahead of the standard too.
Anyways, WYSIWYG is garbage for a lot of reasons. Screen size being one of the biggest reasons. It would be like a shoe designer building a size 10 shoe that everyone (no matter foot size) has to wear.
SN won't survive on lurkers alone. Write comments.