Reply to post: Re: font owning a PC

It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either

Michael Wojcik Silver badge

Re: font owning a PC

Actually, in the most recent releases of Win10, font parsing apparently runs in usermode with the privileges of the invoking user.

But note this is not the first RCE in Windows font processing. It's not even the first one in the Adobe Type Manager library. All of that crap needs to be taken out behind the shed, and replaced with something running in a safer environment. Font rendering has some excuse for wanting native-code processing for performance; font parsing does not. Routinely parsing thousands of font descriptions a second would be a very specialized use case.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon