Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege


Post by ssj100 on 17/11/2011, 09:03

http://technet.microsoft.com/en-us/security/advisory/2639658

For users of Sandboxie (particularly those generally following my security setup/approach), this is one useful workaround while waiting for Microsoft to patch the vulnerability:
ClosedFilePath=C:\WINDOWS\system32\t2embed.dll

You can verify that it works by following the instructions here (use IE):
http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working?source=rss_blogs

For those using SRP/AppLocker/Classical HIPS, a system-wide block of "t2embed.dll" is also an option.

The above workarounds would stop any exploit from the very start (that is, it would prevent any exploit from even initiating). However, I would think that even without the specific workarounds, no significant harm can be done with the appropriate security setup/approach. This is because it's one thing to trigger the vulnerability, but it's another thing to deliver a significant payload that can bypass a locked down LUA/SRP/Sandboxie or something equivalent.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14


Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by Guest on 1/12/2011, 05:45

Hi SSJ100, how do you apply the

ClosedFilePath=C:\WINDOWS\system32\t2embed.dll

in Sandboxie?

I mean where does it go?

Guest

Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by ssj100 on 1/12/2011, 09:31

You can find more information about it here (search for "Blocked Access"):
http://www.sandboxie.com/index.php?ResourceAccessSettings#file

EDIT: I think what you're wanting to know is this:
Sandboxie Control > Sandbox Settings > Resource Access > File Access > Blocked Access

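To check which sandboxes actually carry the block discussed in this thread, the following added example (not part of the original posts, and not Sandboxie's own code) audits the text of a Sandboxie.ini for a ClosedFilePath rule covering t2embed.dll. It assumes the usual Sandboxie.ini layout: one `[Section]` per sandbox, repeated keys allowed, `[GlobalSettings]` applying to every sandbox, and an optional `program.exe,` prefix that limits a rule to one program. The sample configuration and box names are constructed.

```python
import fnmatch

TARGET = r"C:\WINDOWS\system32\t2embed.dll"

# Constructed sample configuration, not taken from a real system.
SAMPLE_INI = r"""
[GlobalSettings]
[DefaultBox]
Enabled=y
ClosedFilePath=C:\WINDOWS\system32\t2embed.dll
[BrowserBox]
Enabled=y
ClosedFilePath=iexplore.exe,C:\Windows\System32\t2embed.dll
[TestBox]
Enabled=y
[UserSettings_EXAMPLE]
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]}; keys may repeat, so configparser is not used."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def coverage(settings, target=TARGET):
    """'all' if a rule blocks target for every program, 'partial' if only per-program, else 'none'."""
    result = "none"
    for key, value in settings:
        if key.lower() != "closedfilepath":
            continue
        # Assumed syntax: optional "program.exe," prefix before the path.
        program, _, path = value.rpartition(",")
        if fnmatch.fnmatchcase(target.lower(), path.strip().lower()):
            if not program:
                return "all"
            result = "partial"
    return result

def audit(text):
    """Map each sandbox section to its coverage, including rules inherited from [GlobalSettings]."""
    sections = parse_ini(text)
    shared = sections.get("GlobalSettings", [])
    return {name: coverage(shared + rules) for name, rules in sections.items()
            if name != "GlobalSettings" and not name.startswith("UserSettings_")}
```

A sandbox reported as "partial" or "none" can still load the DLL from at least some programs; reading the real file and handling its encoding are left to the caller.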

Re: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege

Post by ssj100 on 14/12/2011, 12:49


