Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege


Post by ssj100 on 17/11/2011, 09:03

http://technet.microsoft.com/en-us/security/advisory/2639658

For users of Sandboxie (particularly those generally following my security setup/approach), this is one useful workaround while waiting for Microsoft to patch the vulnerability:
ClosedFilePath=C:\WINDOWS\system32\t2embed.dll

You can verify that it works by following the instructions here (use IE):
http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working?source=rss_blogs

For those using SRP/AppLocker/Classical HIPS, a system-wide block of "t2embed.dll" is also an option.

The above workarounds would stop any exploit from the very start (that is, it would prevent any exploit from even initiating). However, I would think that even without the specific workarounds, no significant harm can be done with the appropriate security setup/approach. This is because it's one thing to trigger the vulnerability, but it's another thing to deliver a significant payload that can bypass a locked down LUA/SRP/Sandboxie or something equivalent.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by Guest on 1/12/2011, 05:45

Hi SSJ100, how do you apply the

ClosedFilePath=C:\WINDOWS\system32\t2embed.dll

in Sandboxie?

I mean where does it go?


Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by ssj100 on 1/12/2011, 09:31

You can find more information about it here (search for "Blocked Access"):
http://www.sandboxie.com/index.php?ResourceAccessSettings#file

EDIT: I think what you're wanting to know is this:
Sandboxie Control > Sandbox Settings > Resource Access > File Access > Blocked Access

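Added example (not part of the original posts and not Sandboxie's own code): the Blocked Access setting ends up as a ClosedFilePath line under the sandbox's section in Sandboxie.ini, so a short script can check that every sandbox carries the t2embed.dll block. The sample file contents, the box names "Browser" and "Testing", the simplified path matching, and the treatment of [GlobalSettings] rules as applying to every box are assumptions of this example.

```python
import ntpath

TARGET = r"C:\WINDOWS\system32\t2embed.dll"

# Constructed sample in Sandboxie.ini layout; box names other than DefaultBox are made up.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
ClosedFilePath=C:\WINDOWS\system32\t2embed.dll

[Browser]
Enabled=y
ClosedFilePath=iexplore.exe,C:\Windows\System32\t2embed.dll

[Testing]
Enabled=y
ClosedFilePath=D:\Private\*
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; a key such as ClosedFilePath may repeat."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def rule_blocks(value, target, program=None):
    """Simplified match (assumption): exact path, or prefix when the rule ends in '*'."""
    scope, sep, path = value.partition(",")
    if not sep or "\\" in scope or ":" in scope:
        scope, path = None, value          # no "program.exe," prefix: applies to all programs
    elif program is None or scope.lower() != program.lower():
        return False                       # rule is limited to a different program
    path, target = ntpath.normcase(path), ntpath.normcase(target)
    return target.startswith(path[:-1]) if path.endswith("*") else target == path

def audit(ini_text, target=TARGET, program=None):
    """Per sandbox: is target closed? Assumes [GlobalSettings] rules apply to every box."""
    sections = parse_ini(ini_text)
    def closed(name):
        return any(k == "closedfilepath" and rule_blocks(v, target, program)
                   for k, v in sections.get(name, []))
    return {name: closed(name) or closed("GlobalSettings") for name in sections
            if name != "GlobalSettings" and not name.startswith("UserSettings_")}

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

A box that reports False either has no matching rule or has one limited to a single program, so the DLL is still reachable from other programs running in that sandbox.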

Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by ssj100 on 14/12/2011, 12:49

