Hot on the heels of yesterday's Flash vulnerability, the leak of internal documents from Hacking Team has revealed another zero-day vulnerability, this time in a Windows kernel component. Attackers can exploit it to gain administrator privileges on a target system. All versions of Windows from XP up to 8.1 are reported to be affected, in both 32 and 64-bit variants.
The vulnerability resides in the Adobe-provided atmfd.dll, which is a kernel-level driver for rendering OpenType fonts. TrendMicro has a page up with a brief technical description about the vulnerability (which is essentially a buffer underflow), and 360cn has posted an in-depth analysis of the bug. This new bug is not the same one as MS15-021, another Adobe font driver vulnerability, which Microsoft patched back in March.
Microsoft tells The Register that a patch is in the works, and that the vulnerability "could not, on its own, allow an adversary to take control of a machine." Since July's Patch Tuesday is next week, it's possible that a hotfix will be ready by then.
|Razer Kiyo and Seiren X set the stage for streaming excellence||19|
|MSI Cubi 3 Silent and Silent S can be seen but not heard||13|
|Massdrop's Vast 35" VA display lives up to its name||31|
|Spitballing the performance of Nvidia's purported GTX 1070 Ti||22|
|Friday deals: a huge monitor, racing gear, audio, and more||22|
|G.Skill 3800 MT/s SO-DIMMs put lightning in tiny bottles||9|
|Cooler Master bedazzles the MasterLiquid Lite ML120L and ML240L||4|
|Razer Electra V2 offers affordable immersion||8|
|Samsung 360 Round camera captures the world from all angles||11|
|You do realise that whether you’re looking at a flat or a curved panel, you’re invariably looking at content that uses a planar projection? There...||+12|