Microsoft Corp. today released the July set of patches for their products by removing six unique vulnerabilities that affect most modern products of the company.
It is interesting to note that three of the vulnerability associated with the way Microsoft software handles fonts. “Working with fonts in the operating system has become really difficult, there is a real-time process that started at the time of printing and this complexity may be the subject of attack,” – says Wolfgang Kandek CTO, Qualys.
The number of critical security vulnerabilities that have been eliminated at this time is higher than average. As a rule, the entire set of vulnerabilities, the company produces 2.1 bulletin describing the critical bugs, but this time there were three of these vulnerabilities – MS13-052, -053 and -054. All related to the rendering system Microsoft TrueType Fonts.
With these vulnerabilities, an attacker can embed malicious values in the font description that overflows the allocated memory for the system font rendering and trigger recording in the storage units designed for other operations. Font-instructions may be provided to or Windows Internet Explorer.
An additional danger lies in the way Windows works with fonts – OS does the system with the privileges of the user who has much more power than regular users.
Among other products, underwent correction, can be distinguished NET Framework, Silverlight, Office, Visual Studio, Lync, IE, and Windows Defender.
Microsoft Security Bulletin Summary for July 2013: http://technet.microsoft.com/en-us/security/bulletin/ms13-jul