Microsoft released security bulletin 2,639,658 fix malware Duqu exploits
Patch Tuesday Duqu malware disclosed did not included in the Windows kernel vulnerability (CVE-2011-3402), but Microsoft’s rapid response team for this independent today released a security bulletin 2,639,658, and introduce a way of helping users to quickly Fix it button bug fix. The vulnerability comes from handling problems with embedded TrueType fonts, an attacker can view, change, and delete data, and create accounts with full privileges, this is quite dangerous, means that an attacker may be able to remote code execution (RCE) and elevation of privilege (EOP).
Access and repair: Microsoft Security Advisory: Vulnerability in TrueType font parsing could allow elevation of privileges