Zero-day Windows vulnerability exposed by Hacking Team leak

Hot on the heels of yesterday's Flash vulnerability, the leak of internal documents from Hacking Team has revealed another zero-day vulnerability, this time in a Windows kernel component. Attackers can exploit it to gain administrator privileges on a target system. All versions of Windows from XP up to 8.1 are reported to be affected, in both 32 and 64-bit variants.

The vulnerability resides in the Adobe-provided atmfd.dll, which is a kernel-level driver for rendering OpenType fonts . TrendMicro has a page up with a brief technical description about the vulnerability (which is essentially a ...

Read more...