Hot on the heels of yesterday's Flash vulnerability, the leak of internal documents from Hacking Team has revealed another zero-day vulnerability, this time in a Windows kernel component. Attackers can exploit it to gain administrator privileges on a target system. All versions of Windows from XP up to 8.1 are reported to be affected, in both 32-bit and 64-bit variants.
The vulnerability resides in the Adobe-provided atmfd.dll, a kernel-level driver for rendering OpenType fonts. Trend Micro has published a brief technical description of the vulnerability (which is essentially a buffer underflow), and 360cn has posted an in-depth analysis of the bug. This new bug is not the same as MS15-021, another Adobe font driver vulnerability, which Microsoft patched back in March.
Microsoft tells The Register that a patch is in the works, and that the vulnerability "could not, on its own, allow an adversary to take control of a machine." Since July's Patch Tuesday is next week, it's possible that a hotfix will be ready by then.