November 7th, 2011

The Sourcefire VRT is aware of a vulnerability affecting hosts using the Microsoft Windows operating system.


Microsoft Security Advisory (2639658):
The Microsoft Windows TrueType font parsing engine contains a vulnerability that may allow a remote attacker to execute code on an affected system. A succesful exploitation of this vulnerability may allow the attacker to execute code in kernel mode. This vulnerability is also related to the Duqu malware.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 3, SID 20539.