Microsoft has patched a zero-day vulnerability in the Windows kernel uncovered and exploited by Hacking Team. The zero day was found among the 400 GB of data stolen from the Italian surveillance software maker and posted online July 5. A trio of Adobe Flash Player zero days were also uncovered among the stolen data, the last of which were also patched earlier today. The vulnerability (CVE-2015-2387) in the Adobe Type Manager Font Driver (ATMFD) enables privilege escalation and code execution. The security update addresses the vulnerability by correcting how Adobe Type Manager Font Driver (ATMFD) handles objects in memory. It affects Windows Server implementations all the way back to Windows Server 2003. Microsoft rated the vulnerability “important” because it said an attacker would have to log into a target system and then run malicious code.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street