Windows Emergency Patch to Address Embedded OpenType Font Vulnerability

[carnageX]

Make sure if you have Windows Update turned off you get this patch that addresses a vulnerability in Windows with embedded OpenType Fonts.

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers. Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability.

https://technet.microsoft.com/library/security/MS15-078#ID0EKIAE

 

[MidnightShadow]

Great find. Thank you! Do we have a thread where stuff like this is updated constantly, and that's all the thread is for?

 

[carnageX]

Nope, we don't. I just make threads in this board when I see important security bulletins and such , as have others.

 

[MidnightShadow]

I can't thank you until I 'spread the love' around...

 

[Janet H]

Thanks for posting about this

 

[Spud1200]

Just installed this Patch tonight. When I read the article I believe it was released on the 16 of this month. Thanks as well, now I know its not just me. I'm running an embeded System.