Microsoft issues critical, out-of-band patch for all versions of Windows. Why you should install it!

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows.

The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an untrusted website that contains embedded OpenType fonts, it could open their machine up to remote code execution.

According to a security bulletin (MS15-078) corresponding to the vulnerability at Microsoft’s Security Tech Center, all supported versions of Windows should receive the patch. Windows Server 2003, which stopped receiving support last week, will not receive the patch.

Microsoft stresses that it’s possible for an attacker to “consistently exploit” the vulnerability by creating their own exploit code.

“When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers,” the bulletin reads.

Still though, an attacker could leverage the vulnerability to take complete control of a system – meaning they could be given the ability to install programs, view, and change or delete data, along with the ability to create new accounts with full user rights.

Microsoft is encouraging users who don’t have automatic updates enabled to apply the fix as soon as possible but points out that there are several viable workarounds that may be helpful for end users who can’t right away.

The workarounds differ by the system, but mostly involve using a managed deployment script and renaming or removing the .DLL that corresponds to the Adobe Type Manager Library (ATML), actions that could ultimately impact applications that rely on ATML.

- See more at: https://threatpost.com/microsoft-is...rsions-of-windows/113866#sthash.ekuY9iXz.dpuf
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
Thanks, successfully updated to this emergency patch on Windows 10 and will make sure relatives' PCs do so too.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hi Jack, is that update KB3079904?
Hey Tony,
Yes KB3079904 is the update, here are more details: https://support.microsoft.com/en-us/kb/3079904


Tony Cole

Level 27
Verified
May 11, 2014
1,639
Thank you Jack, just updated. I cannot believe a small update, less than a megabyte, can patch such a critical exploit.
 

LabZero

If the font rendering runs in the kernel, that does not seem so correct....
 