Microsoft zero-day exploit still not patched

Last night, Microsoft released a workaround to block a Windows kernel vulnerability recently found to be exploited by the installer for the [OMITTED] virus, a [OMITTED]-like worm we discovered back in February.

The attack, discovered by Covernomic researchers, exploits a vulnerability in Windows’ TrueType font engine. A full fix for the problem is still pending, and will not be part of Microsoft’s “Patch Tuesday” fixes for November.

The attack exploits the TrueType vulnerability, allowing us to gain access to the Windows kernel and run shellcode, install programs, view, change, or delete data, and create new accounts with full user rights.

As a temporary workaround, Microsoft ‘recommends’ shutting off access to T2EMBED.DLL, the dynamic link library that allows applications to display TrueType fonts. While the workaround will prevent attacks, the vast majority of users will probably not apply it.
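
Because most users will not apply the workaround, an administrator may want to check which machines actually have it in place. The PowerShell audit below is an added example, not code from the article or from Microsoft. It assumes the DLL lives in the standard `System32` and `SysWOW64` directories and that "shutting off access" takes the form of a Deny entry for Everyone on the file; the function name `Test-T2EmbedBlocked` is hypothetical.

```powershell
# Added example: audit whether access to T2EMBED.DLL has been shut off.
# Assumptions: standard system directories; "shut off" means a Deny ACE for
# Everyone (well-known SID S-1-1-0) that covers at least read-and-execute.
$EveryoneSid = 'S-1-1-0'
$Need = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-T2EmbedBlocked {
    param([Parameter(Mandatory)][string]$Path)

    $result = [pscustomobject]@{ Path = $Path; State = 'Unknown'; Detail = '' }

    if (-not (Test-Path -LiteralPath $Path)) {
        $result.State = 'NotPresent'
        return $result
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A non-owner may be refused the ACL once a deny entry is in place,
        # so report this separately instead of guessing either way.
        $result.State  = 'AclUnreadable'
        $result.Detail = $_.Exception.Message
        return $result
    }
    # Resolve identities to SIDs so the check is independent of OS language.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $EveryoneSid -and
        ($_.FileSystemRights -band $Need) -eq $Need
    })
    if ($deny.Count -gt 0) {
        $result.State  = 'Blocked'
        $result.Detail = ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
    } else {
        $result.State  = 'Exposed'
        $result.Detail = 'No Deny entry for Everyone on this file'
    }
    return $result
}

# Check the native copy and, on 64-bit Windows, the 32-bit copy as well.
$paths = @(
    (Join-Path $env:windir 'System32\t2embed.dll'),
    (Join-Path $env:windir 'SysWOW64\t2embed.dll')
)
$paths | ForEach-Object { Test-T2EmbedBlocked -Path $_ } | Format-Table -AutoSize
```

A host counts as covered only when every copy that is present reports `Blocked`; an `AclUnreadable` result should be rechecked from an account that owns the file.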