

Vulnerability protection

Windows kernel-mode drivers vulnerability could allow denial of service


Report ID: MS201111002
Date Published: 10 November 2011

Criticality: Moderate
Compromise Type: denial-of-service
Compromise From: remote


Affected Product/Component:

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008




Summary

A vulnerability in the Windows kernel, involving TrueType font parsing, could allow an attacker to cause an affected system to stop responding and restart. 



Detailed Description

Microsoft has issued a security update to patch a vulnerability in the Windows kernel. The vulnerability is caused by insufficient validation of an array index when Windows kernel-mode drivers load a TrueType font file. On successful exploitation, an attacker could cause the target system to stop responding and restart.

This vulnerability has been addressed in the latest security update, which ensures that array indexes are properly validated when loading TrueType font files. Users are advised to install this update to protect their systems from potential exploitation.
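The kind of index validation described above, as an added example that is not Microsoft's code. The advisory does not say which TrueType table or index was involved, so the short-format `loca` lookup, the function name `loca_short_lookup` and the sample bytes are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read a big-endian 16-bit value; TrueType stores all integers big-endian. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Look up a glyph's byte offset in a short-format 'loca' table.
 * The table holds num_glyphs + 1 uint16 entries, each storing offset / 2.
 * glyph_index and num_glyphs both come from the font file, so neither is trusted.
 * Returns 0 on success, -1 if the index or the table size is invalid.
 */
int loca_short_lookup(const uint8_t *loca, size_t loca_len, uint16_t num_glyphs,
                      uint32_t glyph_index, uint32_t *offset_out)
{
    if (loca == NULL || offset_out == NULL)
        return -1;
    /* The declared glyph count must fit in the bytes actually present. */
    size_t entries = (size_t)num_glyphs + 1;
    if (loca_len / 2 < entries)
        return -1;
    /* Reject any index outside [0, num_glyphs) before touching the array. */
    if (glyph_index >= num_glyphs)
        return -1;
    uint32_t start = (uint32_t)be16(loca + 2 * (size_t)glyph_index) * 2;
    uint32_t end = (uint32_t)be16(loca + 2 * ((size_t)glyph_index + 1)) * 2;
    /* Offsets must be non-decreasing; otherwise the glyph length is negative. */
    if (end < start)
        return -1;
    *offset_out = start;
    return 0;
}

/* Constructed sample: a 'loca' table for 3 glyphs (4 entries). */
static const uint8_t SAMPLE_LOCA[] = { 0x00,0x00, 0x00,0x10, 0x00,0x10, 0x00,0x24 };

int main(void)
{
    uint32_t off = 0;
    int ok = loca_short_lookup(SAMPLE_LOCA, sizeof SAMPLE_LOCA, 3, 1, &off);
    int bad = loca_short_lookup(SAMPLE_LOCA, sizeof SAMPLE_LOCA, 3, 7, &off);
    return (ok == 0 && bad == -1) ? 0 : 1; /* exit 0 when both checks behave */
}
```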



CVE Reference

CVE-2011-2004



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms11-084



