Windows kernel-mode drivers vulnerability could allow denial of service
Report ID: MS201111002
Date Published: 10 November 2011
Compromise Type: denial-of-service
Compromise From: remote
Windows Server 2003
Windows Server 2008
A vulnerability in the Windows kernel, involving TrueType font parsing, could allow an attacker to cause an affected system to stop responding and restart.
Microsoft has issued a security update to patch a vulnerability that exists in the Windows kernel. The vulnerability is caused by insufficient validation on an array index when Windows kernel-mode drivers load a TrueType font file. Upon successful exploit, an attacker could cause the target system to stop responding and restart.
This vulnerability has been addressed in the latest security update, which ensures that array indexes are properly validated when loading TrueType font files. Users are recommended to install this update to protect their system from potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-084)