Cisco Blogs


Vulnerability Spotlight: Microsoft Windows CDD Font Parsing Kernel Memory Corruption

Discovered by Andrea Allievi and Piotr Bania of Cisco Talos.


Talos, in conjunction with Microsoft’s security advisory issued on September 8th, is disclosing the discovery of a memory corruption vulnerability within the Microsoft Windows CDD Font Parsing Kernel Driver. This vulnerability was initially discovered by Talos and reported to Microsoft in accordance with responsible disclosure policies. Please see Talos’s Microsoft Tuesday Blog for coverage information for this vulnerability. Read the full Talos Vulnerability Report via the portal here: TALOS-2015-0007


A specially crafted font file can cause the Microsoft Windows CDD Font Parsing Kernel driver to corrupt internal memory structures. The DrvTextOut routine acquires and locks the associated device and behaves differently based on the surface type. If the type is a bitmap and the Windows DWM is on, the driver reads and writes directly to the video frame buffer, calls EngTextOut, and then exits. However, the driver behaves in an unexpected manner: a new background rect is generated by mixing the “OpaqueRect” rectangle located in the sixth parameter and the rectangle located in the “pStringTextObj” object.


If the ClipObject describes a non-trivial clip, the “rclBounds” of the clip object is also merged into the background rectangle. The Font Object is parsed, and finally the routine decides whether it should clip the background rect.


The final decision is based on the following check:


Read More »


OpenDNS Helps Partners Expand Their Security Practice and Accelerate Profitability

Frequent and major cybersecurity breaches have occurred this year, with some causing immense financial damage across many industry segments and leading to a loss of reputation and in some cases lost customers. This puts security top of mind for organizations of all sizes, and it’s definitely a number one priority for Cisco.

Today is an exciting day for Cisco and its partner ecosystem as we announce the close of the acquisition of OpenDNS, a privately held security company headquartered in San Francisco that offers advanced threat protection for any device, anywhere, anytime, delivered in a Software-as-a-Service (SaaS) model. The acquisition builds on Cisco’s Security Everywhere strategy, adding broad visibility and threat intelligence. OpenDNS offers a cloud-delivered security platform that accelerates time to value, as it’s fast and easy to deploy. Through our integration efforts, OpenDNS accelerates the delivery of Cisco’s cloud-delivered security portfolio, strengthening our advanced threat protection capabilities.

Cisco is committed to being the security market leader, together with our partners, across all industry segments. The OpenDNS acquisition is well aligned to Cisco’s goal of developing innovative security offerings and accelerating sales for partners. In fact, today we are announcing our first integration between the technology platforms of OpenDNS Umbrella and Cisco AMP Threat Grid. And, we’ll announce more offers in the coming quarters that integrate OpenDNS technology into the industry’s most comprehensive security portfolio. Read More »


ITD Deployment with Transparent mode security devices

ITD (Intelligent Traffic Director) is getting a lot of interest about transparent (Layer 2) mode device support.

Here is a 10-minute video that shows step-by-step ITD deployment for transparent mode security devices, such as firewalls, IPS, IDS, web application firewalls (WAF), ASA, Cisco Sourcefire, etc.:

ITD is a hardware-based, multi-Tbps Layer 4 load-balancing, traffic steering and clustering solution on the Nexus 5k/6k/7k/9k series of switches. It supports IP-stickiness, resiliency, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed.

Solution Guide: ITD with Layer 2 Firewall / IPS / IDS

Here is more information about ITD:

Please send email to if you have any questions.



Are We Disrupting Ourselves Out of Jobs?

Much has been published in the industry about how automation will result in job loss; the book The Second Machine Age is one example.

Further, the obvious question is whether the skills you have today will be relevant tomorrow.

Such discussions have been occurring for the past several years, since the financial crisis of 2008, and the questions now pondered by enterprises and governments are:

  1. How do we grow the middle class?
  2. How do we provide skills to under-served communities?

Read More »


4 Ways Women Can Be a Ninja at Work

I recently became a Ninja. That’s right. A Cisco Security Ninja. You can be a Ninja too!


Satyapriya Sharma has a little fun with her new Security Ninja achievement.

The Cisco Security Ninja Program confirms lessons learned and challenges participants to reach for higher degrees of competence and proficiency in product security. The program offers four distinct “belt” levels, each one increasing your security knowledge and furthering your career at Cisco.

  • White Belt takes you through the basic security concepts and principles.
  • Green Belt is where you take the basic concepts and tell how you use them in your daily work, whether you are a developer, tester, or manager.
  • Advanced belts (Blue and Brown): here’s where you execute on those concepts and think about security for everything you do.
  • Black Belt: like karate, this belt recognizes you as a security leader who will provide ongoing, significant contributions both internally at Cisco and externally in the industry.

“Get your Security White Belt” was the first thing teams told me when I joined the Security Business Unit more than a year ago. There was a Business Unit initiative to have everyone be White-Belt certified. So I got into the groove of things and earned my White Belt and Green Belt (Managers) within the first month of joining. At that moment, I challenged my team to be the first whole team under our SVP that would be Green-Belt certified. We all worked hard together and achieved that milestone! By that time, registration for the advanced-level ninja certifications (Blue, Brown and Black Belts) had started, and I registered for Blue Belt. It took two months to earn it.

At this time, I started mentoring my team and others to achieve this milestone in their development as well. Then came the Brown Belt, and I submitted my work for Black Belt. I had to wait for a few weeks before I heard from the Security Ninja Program Submission Committee, who set up a call with me to go over my submission. They told me that I am the only manager who has applied for the black belt outside of the team that created the program!


Satyapriya Sharma earned her ninja status, and wants to encourage other women to be ninjas at work.

I didn’t think much of it at that time, but once I got the email that I had earned my Black Belt, it started to sink in – the only manager in the whole of CISCO to earn it. Wait! That also meant the only female manager in the whole of CISCO to earn it. YAHOOOOOO !!!!! I couldn’t wait to share the news with everyone :) especially my Women In Science and Engineering (WISE) team.

I got a lot of support from my family and the management team to reach this milestone. Being in the Security Business Unit certainly helped me earn the certificates faster since I live and breathe this stuff daily!

I want to use what I learned from this experience to encourage other women, not only at Cisco, but in technology everywhere to push ahead for these expert certifications. Here are four pieces of advice to become a Ninja in your space:

  1. Be patient and don’t give up! Getting these certifications was hard work and takes time.
  2. Don’t put your own development on the back burner. Due to tight timelines, commitments and work-life juggling, we put our development on the back burner – make your development plan with your management, talk to your family and give yourself ample time to get to the milestone so it’s not stressful.
  3. Block time on your calendar each week if you have to. For Green Belt, I used to do one module a day after my daughter would go to sleep.
  4. Get a mentor. Seek help from someone from your site/business unit if needed. I am happy to help as well. Please feel free to reach out. :)

Always remember – if I can do it so can you.
