Security Advisory - November 11, 2011

Zscaler Provides Immediate Vulnerability Protection for Latest Microsoft Advisory

 

 

Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following web based, client-side vulnerability included in the October Microsoft advisory 2639658. Zscaler will continue to monitor exploits associated with the advisory and deploy additional protections as necessary.

2639658 – Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (2639658)

Severity: Important
Affected Software

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7

CVE-2011-3402 - Duqu malware

Description: A remote code execution vulnerability exists in the TrueType font parsing engine.