Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
Description: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker’s site. The security update addresses the vulnerabilities by correcting the method used for validating the argument passed to the system call, validating input passed from user mode through the kernel component of GDI, and correcting the manner in which Windows kernel-mode drivers parse font code.
Update type: Important
Release date: November 10, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/969947
- Win32k NULL Pointer Dereferencing Vulnerability – CVE-2009-1127
- Win32k Insufficient Data Validation Vulnerability – CVE-2009-2513
- Win32k EOT Parsing Vulnerability – CVE-2009-2514
For more information on this issue, including potential causes, workarounds, and resolutions, see Microsoft Knowledge Base article KB969947.