Microsoft has rushed to fix a ‘critical’ remote execution flaw discovered in files related to the attack on controversial Italian surveillance tools developer Hacking Team, and has released a patch for all supported versions of Windows.
According to a Microsoft advisory, a rogue, specially crafted font could allow an attacker to gain access to an affected system – a threat deemed serious enough for the company to release a patch outside the usual Patch Tuesday update cycle.
“There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
Microsoft says it believes information about the vulnerability is in the public domain, but is not aware of any incidents of it being exploited in the wild. The most recent Patch Tuesday fixed two zero-day vulnerabilities found in 400GB worth of files uncovered in the Hacking Team attack.
This latest update is available for Windows Vista, 7, 8 and RT as well as Windows Server 2008, but not Windows XP or Windows Server 2003, support for both of which has ended. If an administrator is unable to patch immediately, Microsoft’s advisory does provide a number of workarounds for supported systems.
Are you a security pro? Try our quiz!
Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…
Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…
Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…
Consequences of Assembly Bill 886. Google begins removing California news websites from some search results
CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…
Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…