To quote the bulletin:
What does the update do?
The update addresses the vulnerability by modifying the way that a Windows kernel mode driver handles TrueType font files.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2011-3402.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
Yes. Microsoft is aware of limited, targeted attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published.
Leave a reply