1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft releases out-of-band patch for all versions of Windows

Discussion in 'CSO' started by RSS, Jul 20, 2015.

  1. RSS

    RSS New Member Member

    Microsoft released an out-of-band patch on Monday, which fixes a problem in the Windows Adobe Type Manager Library that could lead to remote code execution (RCE) on the host system if exploited.

    If successfully targeted by an attacker, the vulnerability patched today could lead to total system compromise, as they would've gained access to alter programs; view, change, or delete data; or create new accounts with full user rights.

    Microsoft has released patches for all supported versions of the Windows operating system, and listed the severity of the problem as critical.

    "There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts," an advisory on the issue explains.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page