Coverage Information for Microsoft Security Advisory (2639658)

Summary

Microsoft has published a Security Advisory ("Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege", CVE-2011-3402) regarding a vulnerability in Microsoft Windows operating systems that can allow an attacker to craft a malicious TrueType font that can result in the execution of arbitrary code in kernel mode.

Complete information from Microsoft is available at http://technet.microsoft.com/en-us/security/advisory/2639658.

Coverage Information

Palo Alto Networks content update version 275 (released 11/8/11) provides signature-based detection of attempted exploitation of the vulnerability described in this Microsoft Security Advisory.

The following signatures have been added to detect exploitation of this vulnerability:

Severity ID Name CVE Default action
critical 34517 Microsoft TrueType Font Rendering Memory Corruption Vulnerability CVE-2011-3402 alert
critical 34518 Microsoft TrueType Font Rendering Memory Corruption Vulnerability CVE-2011-3402 alert

Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices.  If you have any questions about coverage for this advisory, please contact support.

Revision History

11/9/11 - Advisory posted