Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following web based, client-side vulnerability included in the October Microsoft advisory 2639658. Zscaler will continue to monitor exploits associated with the advisory and deploy additional protections as necessary.

2639658 – Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege (2639658)

Severity: Important
Affected Software

Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7

CVE-2011-3402 - Duqu malware

Description: A remote code execution vulnerability exists in the TrueType font parsing engine.