Posted by Mateusz Jurczyk of Google. Among the total of 119 vulnerabilities with CVEs fixed by Microsoft in the [1] [2] and fuzzing [3] [4]. However, what makes this effort a bit different from the previous ones is the fact that Uniscribe is a little-known user-mode component which had not been widely recognized as a feasible attack vector before, as opposed to the kernel-mode font implementations included in the win32k.sys and ATMFD.DLL drivers. In this post, we outline a brief history and description of Uniscribe, explain how we approached at-scale fuzzing of the library, and highlight some of the more interesting discoveries we have made so far. All the raw reports of the bugs we're referring to (as they were submitted to Microsoft), together with the corresponding proof-of-concept samples, can be found in the official bug tracker [5]. Enj...