Microsoft has patched a zero-day vulnerability in the Windows kernel uncovered and exploited by Hacking Team. The zero day was found among the 400 GB of data stolen from the Italian surveillance software maker and posted online July 5. A trio of Adobe Flash Player zero days were also uncovered among the stolen data, the last of which were also patched earlier today.
The vulnerability, CVE-2015-2387, in the Adobe Type Manager Font Driver (ATMFD), MS15-077, enables privilege escalation and code execution; it was reported by Google Project Zero and researcher Morgan Marquis-Boire.
“The security update addresses the vulnerability by correcting how Adobe Type Manager Font Driver (ATMFD) handles objects in memory,” Microsoft said in its advisory. It affects Windows Server implementations all the way back to Windows Server 2003. Microsoft rated the vulnerability “important” because it said an attacker would have to log into a target system and then run…
View original post 568 more words