Microsoft is investigating a vulnerability in a Microsoft Windows
component, the Win32k TrueType font parsing engine. An attacker who
successfully exploited this vulnerability could run arbitrary code in
kernel mode. The attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. This
vulnerability is being actively exploited by the Duqu malware.