Attackers cannot directly exploit this vulnerability and instead rely upon user participation. Attackers may embed malicious content within public websites or attempt to convince users to visit malicious sites by sending links in e-mail messages. An attacker may rely upon social engineering techniques to convince users to participate in an exploit.
Systems most at risk are end-user systems on which users run applications with elevated privileges. If the user holds elevated privileges, an exploit could result in a complete system compromise. Systems that restrict user privileges, or that have built-in privilege separation, could be less affected by an exploit because any executed code would run with limited privileges.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the July 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for July 2009
The update available from Microsoft corrects this vulnerability by improving font parsing.