Microsoft is recommending users to embrace their November patch update, which was released on last Tuesday and addresses as many as 15 vulnerabilities in Windows, Windows Server and Office suites, with immediate effect to avoid any undesired consequences later.
Of the six bulletins released in this month’s ‘Patch Tuesday’ cycle, MS09-065 is being dubbed as the most ‘critical’ one and it rectifies three technical glitches surrounding Windows kernel.
In addition, of these three vulnerabilities mentioned in the update, the one which impacts the manner in which Windows kernel parses the ‘Embedded Open Type’ fonts has been regarded as the most significant, as the third party that notified it to the software maker has also made it public.
Security analysts are reporting that the specific vulnerability, which lies in the font parsing subsystem of the win32.sys driver, could be exploited by hackers to perform remote code execution on the victim’s computer and seize control over the system’s resources.
A proof-of-concept exploit of the vulnerability has already been integrated into the Metasploit point-and-click tool.
According to HD Moore from Metasploit, the code initiates a ‘blue screen of death’, or simply ‘BSoD’, from the web page, and he anticipates to get code execution very soon simply by bringing some modifications into it.