MS warns of TrueType attack vulnerability
Problem
As of early November 2011, Microsoft is warning of a serious security vulnerability that can be exploited through TrueType fonts. Office documents can include embedded fonts that automatically install themselves when the document is opened, so PowerPoint, Word and Excel files should be considered risky.
While it investigates a complete fix for the problem, Microsoft has published a workaround that disables the ability of applications and Windows to install embedded fonts on demand. If you choose to use this workaround, documents that rely on embedded fonts for proper formatting won't look right when opened (the embedded font won't work), but your system should be safe from this particular attack.
Solution
Read the following pages at Microsoft's site for an automated Fixit and a manual command-line workaround:
- http://support.microsoft.com/kb/2639658
- http://technet.microsoft.com/en-us/security/advisory/2639658