MS Additional Updates Released

Microsoft released two additional security bulletins this month. Both are rated critical because remote code execution is possible if the vulnerability is successfully exploited. More details can be found on Microsoft’s pages (click on each link below).



“A remote code execution vulnerability exists in Windows because of the way that it handles malformed embedded Web fonts. An attacker could exploit the vulnerability by constructing a malicious embedded Web font that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”



“A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.”


“An attacker could exploit the vulnerability by constructing a specially crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious e-mail message or when the Microsoft Exchange Server Information Store processes the specially crafted message.”


“An attacker who successfully exploited this vulnerability could take complete control of an affected system.”


Users are encouraged to patch their machines immediately to avoid possible attacks from malicious users exploiting these vulnerabilities. You can get the MS patches by visiting Microsoft Update and Office Update. (Note: Firefox users must use Internet Explorer when going to Microsoft Update.) =)