QUOTE
Hackers will exploit Windows kernel bug, researchers say
Expect drive-by attacks against IE 'sooner rather than later,' experts say
By Gregg Keizer
November 11, 2009 12:20 PM ET
Computerworld - Hackers will quickly jump on one of the 15 vulnerabilities Microsoft patched Tuesday to build attack code that infects Internet Explorer users, security researchers agreed today.
The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. The kernel improperly parses Embedded OpenType (EOT) fonts, a compact form of fonts designed for use on Web pages that can also be used in Microsoft Word and PowerPoint documents.
Microsoft rated the flaw as "critical," its highest threat rating, and gave the bug an exploitability ranking of "1," which means it expects a working exploit to appear in the next 30 days. Outside researchers expect it much sooner than that.
Details:
http://www.computerworld.com/s/article/914...researchers_say
Expect drive-by attacks against IE 'sooner rather than later,' experts say
By Gregg Keizer
November 11, 2009 12:20 PM ET
Computerworld - Hackers will quickly jump on one of the 15 vulnerabilities Microsoft patched Tuesday to build attack code that infects Internet Explorer users, security researchers agreed today.
The bug, which Microsoft patched as part of a record-tying security update for the month of November, is in the Windows kernel, the heart of the operating system. The kernel improperly parses Embedded OpenType (EOT) fonts, a compact form of fonts designed for use on Web pages that can also be used in Microsoft Word and PowerPoint documents.
Microsoft rated the flaw as "critical," its highest threat rating, and gave the bug an exploitability ranking of "1," which means it expects a working exploit to appear in the next 30 days. Outside researchers expect it much sooner than that.
Details:
http://www.computerworld.com/s/article/914...researchers_say