
MA-181.072009: MyCERT Alert - Multiple Vulnerabilities in the Embedded OpenType Font

1.0 Introduction

Multiple vulnerabilities have been identified in the Embedded OpenType (EOT) font engine (T2EMBED.DLL). They could allow remote code execution if a user views a web page containing a specially crafted embedded OpenType font in Internet Explorer, or opens a document containing a malicious embedded font in an application such as Microsoft Word. At minimum, a malformed font crashes the application that parses it; a successful exploit could allow an attacker to take control of the affected system.
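To make concrete what a font engine has to get right before it trusts an embedded font, the following is an added example written for this advisory (it is not code from MyCERT or Microsoft). It parses the Embedded OpenType container header as laid out in the W3C EOT submission with every read bounds-checked, and rejects a blob whose declared sizes (EOTSize, FontDataSize, the name-string sizes) disagree with the bytes actually present. It is a structural sanity check of the kind a robust parser, or a gateway that screens embedded fonts, must perform; it does not detect or reproduce the specific T2EMBED.DLL flaws. The sample blobs, the "Example Sans" names and the stand-in font program bytes are constructed for the example.

```python
# Added example (not MyCERT's or Microsoft's code): bounds-checked EOT header parser.
import struct

EOT_MAGIC = 0x504C                       # MagicNumber field, at offset 34
V1, V21, V22 = 0x00010000, 0x00020001, 0x00020002


class EOTError(ValueError):
    """Raised when a blob is not a structurally consistent EOT file."""


class _Reader:
    """Little-endian reader; every read is checked against the buffer end."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n, what):
        if self.pos + n > len(self.data):
            raise EOTError(f"{what}: need {n} bytes at offset {self.pos}, "
                           f"only {len(self.data) - self.pos} left")
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        return chunk

    def u16(self, what):
        return struct.unpack("<H", self.take(2, what))[0]

    def u32(self, what):
        return struct.unpack("<I", self.take(4, what))[0]

    def sized_field(self, what):
        # Each variable-length field: 2-byte padding (must be 0), 2-byte size, data.
        if self.u16(what + " padding") != 0:
            raise EOTError(f"{what}: non-zero padding word")
        return self.take(self.u16(what + " size"), what)


def parse_eot(blob):
    """Parse an EOT header; return its fields or raise EOTError."""
    r = _Reader(blob)
    eot_size, font_data_size = r.u32("EOTSize"), r.u32("FontDataSize")
    version, flags = r.u32("Version"), r.u32("Flags")
    r.take(12, "FontPANOSE/Charset/Italic")
    weight, fs_type = r.u32("Weight"), r.u16("fsType")
    if r.u16("MagicNumber") != EOT_MAGIC:
        raise EOTError("bad MagicNumber, not an EOT header")
    if version not in (V1, V21, V22):
        raise EOTError(f"unsupported Version 0x{version:08x}")
    if eot_size != len(blob):
        raise EOTError(f"EOTSize {eot_size} != actual length {len(blob)}")
    r.take(44, "UnicodeRange/CodePageRange/CheckSumAdjustment/Reserved")
    names = {}
    for field in ("FamilyName", "StyleName", "VersionName", "FullName"):
        names[field] = r.sized_field(field).decode("utf-16-le", "replace")
    if version >= V21:
        names["RootString"] = r.sized_field("RootString").decode("utf-16-le", "replace")
    if version == V22:                   # EUDC extension fields
        r.take(8, "RootStringCheckSum/EUDCCodePage")
        r.sized_field("Signature")
        r.u32("EUDCFlags")
        r.take(r.u32("EUDCFontSize"), "EUDCFontData")
    # Whatever follows the header must be exactly the font program promised.
    if r.pos + font_data_size != eot_size:
        raise EOTError(f"FontDataSize {font_data_size} != {eot_size - r.pos} "
                       "bytes remaining after the header")
    return {"version": version, "flags": flags, "weight": weight,
            "fsType": fs_type, "names": names, "font_data": blob[r.pos:]}


def check_eot(blob):
    """Return 'ok' or 'reject: <reason>'; never raises on hostile input."""
    try:
        parse_eot(blob)
        return "ok"
    except EOTError as exc:
        return f"reject: {exc}"


def build_eot(names, font_data, version=V1):
    """Assemble a minimal well-formed EOT blob (used to construct samples)."""
    def field(text):
        raw = text.encode("utf-16-le")
        return struct.pack("<HH", 0, len(raw)) + raw      # padding, size, data
    body = b"".join(field(names[k]) for k in
                    ("FamilyName", "StyleName", "VersionName", "FullName"))
    if version >= V21:
        body += field(names.get("RootString", ""))
    if version == V22:                   # empty EUDC fields
        body += struct.pack("<II", 0, 0) + field("") + struct.pack("<II", 0, 0)
    fixed = struct.pack("<IIII", 0, len(font_data), version, 0)   # EOTSize set below
    fixed += bytes(12) + struct.pack("<IHH", 400, 0, EOT_MAGIC) + bytes(44)
    blob = fixed + body + font_data
    return struct.pack("<I", len(blob)) + blob[4:]


# Constructed samples: one good blob and two inconsistent variants of it.
SAMPLE_NAMES = {"FamilyName": "Example Sans", "StyleName": "Regular",
                "VersionName": "Version 1.0", "FullName": "Example Sans"}
SAMPLE_FONT = b"\x00\x01\x00\x00" + bytes(60)     # stand-in for the sfnt data
GOOD = build_eot(SAMPLE_NAMES, SAMPLE_FONT)
# FamilyNameSize (offset 82) inflated so the "name" would run past the blob.
OVERSIZED_NAME = GOOD[:82] + struct.pack("<H", 0xFFFF) + GOOD[84:]
# FontDataSize (offset 4) claims one byte more than actually follows the header.
BAD_FONT_SIZE = GOOD[:4] + struct.pack("<I", len(SAMPLE_FONT) + 1) + GOOD[8:]
SAMPLES = {"good": GOOD, "oversized name": OVERSIZED_NAME, "bad FontDataSize": BAD_FONT_SIZE}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(f"{label:17} -> {check_eot(blob)}")
```

The point of the example is that every length in the container is treated as untrusted: a size field is only honoured after it has been checked against the bytes that remain, and the header is rejected as a whole if the declared font-data length does not account for exactly the rest of the blob. A parser that instead allocates or copies on the basis of the declared sizes is exactly the kind of code that a crafted font turns into a crash or worse.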

2.0 Impact

An attacker who successfully exploits these vulnerabilities could execute arbitrary code on a system with the affected font engine, running with the same privileges as the logged-on user, for example to install malware on the user's computer. Accounts configured with fewer rights on the system are therefore less exposed than accounts that operate with administrative privileges.

3.0 Affected Products

The following Microsoft Windows operating systems are affected:

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
  • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

4.0 Recommendation

MyCERT recommends that users enable the Automatic Updates feature so that the security update is downloaded and installed automatically. For information about the configuration options for automatic updating, refer to: http://support.microsoft.com/kb/294871

If the update cannot be applied through the Automatic Updates feature, the patch for the specific operating system can be downloaded and installed manually:

In general, MyCERT advises users of this software to keep up to date with the vendor's latest security announcements. Users who receive suspicious URLs can forward them to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web : http://www.mycert.org.my


Copyright © 2009 - CyberSecurity Malaysia