Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following web based, client-side vulnerability included in the October Microsoft advisory 2639658. Zscaler will continue to monitor exploits associated with the advisory and deploy additional protections as necessary.
2639658 – Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (2639658)
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
CVE-2011-3402 - Duqu malware
Description: A remote code execution vulnerability exists in the TrueType font parsing engine.