A vulnerability has been discovered in the way Windows displays Embedded Open Type fonts. Similar to the WMF exploit, a user simply has to view HTML in their browser or email client to trigger an exploit. There is a big (okay huge) difference however, this is a heap overflow which is far more difficult to exploit that the WMF vulnerability. It still poses a threat and we will most likely see worms, bots, spyware, etc… take advantage of this vulnerability because the attack vector is easy to trigger.
You should:

  • Apply the patch from MS
  • View your email in plain text
  • Disable font downloads in Internet Explorer (more information here)

The vulnerability was discovered on July 31, 2005. We get a patch for it today, January 10, 2005. The Microsoft Honey Monkey Project uncovered exploits for vulnerabilities that Microsoft knew about and was patching, but didn’t think the public knew about. Does this one fall in the same category? It is quite feasible that evil people have been using this exploit for some time without our knowledge. Microsoft has to be able to produce a patch quicker than 163 days, that’s far too long for us to be standing here with our pants down. Meanwhile attackers sit around and laugh at at us from behind their happy hacking keyboard collecting people’s personal information like credit cards, bank account numbers, and passwords.
(Okay, so maybe attackers don’t use the happy hacking keyboard, but it sounded good :)
Full Microsoft Bulletin
EEye Advisory
Internet Storm Center Posting