微軟於11月5日發佈安全警報稱,Windows系統組件TrueType字體處理引擎中存在一個漏洞(CVE-2011-3402),成功利用此漏洞的攻擊者可在核心模式下運行任意代碼、安裝任意程序、查看或刪除指定數據,或者創建完全權限的賬戶。目前微軟已經監測到利用此漏洞進行的攻擊事件。受影響的系統列表如下:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2(服務器核心安裝方式不受影響)
Windows Server 2008 for x64-based Systems Service Pack 2(服務器核心安裝方式不受影響)
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1(服務器核心安裝方式不受影響)
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1