
posted by janrinok on Sunday October 23 2016, @12:34AM
from the stopped-in-their-tracks dept.

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero-day vulnerability before Microsoft patched it last week.

Microsoft says the graphics device interface (GDI) vulnerability (CVE-2016-3393) gave attackers remote code execution and elevation of privilege.

Ivanov's analysis reveals that a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a TrueType font to trigger the bug.

[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.

Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.

  • (Score: 0) by Anonymous Coward on Sunday October 23 2016, @06:46PM (#417920)

    to correctly render glyphs

    I must be going to very different sites.
    I block webfonts, yet the text in the pages I visit is completely readable.
    ...or you're talking about unnecessary chintz.

    yeah, nothing at all can go wrong there if you allow bytecode from a remote location to execute unchecked in an [interpreter]

    In my AdBlocker, I include the filters
    */font/
    */webfonts/
    fonts*js

    I also don't run Windoze--a product from a marketing company that dabbles in software.
    Being run by salesmen and marketing types, that operation thought it was a good idea to execute user-supplied data (like fonts) in Ring 0. [googleusercontent.com] (orig) [wikipedia.org]
    It demonstrates just how out of their depth M$ management is.

    -- OriginalOwner_ [soylentnews.org]