
Microsoft issues critical out-of-band patch for flaw affecting all Windows versions

Microsoft released an out-of-band patch for a remote, critical flaw that affects all supported versions of Windows.


Happy Monday, IT folks. Ready to patch and then restart your machines? I hope so, as Microsoft released an out-of-band patch for a remote, critical flaw in the way the Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected. It's being exploited in the wild and Microsoft admitted some of its customers could be attacked. It's not every day Microsoft releases an out-of-band patch, so when it does so instead of deploying the fix on Patch Tuesday, it means patch now.

This morning Microsoft Premier Support customers received notification that Microsoft would release an out-of-band patch for a critical remote code execution (RCE) vulnerability that affects all versions of Windows. There was no more information, other than that a reboot would be required after the patch was installed. Everyone else was notified when Microsoft made the out-of-band patch announcement at 10 am PST.


Out-of-band patch Microsoft Premier Support email notification on July 20 ddesla2

MS15-078 is the patch for a vulnerability in the Microsoft font driver that could allow remote code execution.

The security bulletin stated:

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts. This security update is rated Critical for all supported releases of Microsoft Windows.

Under vulnerability information, Microsoft wrote:

OpenType Font Driver Vulnerability - CVE-2015-2426

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.

When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers. Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability.

While Microsoft has not identified any mitigating factors for the vulnerability, it did propose workarounds to rename ATMFD.dll for 32-bit and 64-bit systems. Optional workaround procedures for Windows 8 and later include disabling ATMFD and using a managed deployment script.

Happy patching!
