An attacker cannot directly exploit this vulnerability and instead must rely upon user participation in order to accomplish an exploit. Attackers may embed malicious content on public websites in order to launch exploits against users who may access the site. Attackers may also send links within e-mail messages that direct users to malicious sites.
End-user workstations and terminal servers that allow users to run programs with elevated privileges are most at risk. An exploit against a system on which users hold elevated privileges could result in a complete compromise.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the July 2009 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for July 2009
The update available from Microsoft corrects this vulnerability by improving the parsing of embedded font files.