Skip to Content

Vanderbilt IT

Home > Security > messages > Vulnerability in Microsoft Font Driver

Vulnerability in Microsoft Font Driver

VUIT Security Notice: Vulnerability found in Microsoft font driver

Vanderbilt IT would like to bring the following information to the technical community’s attention, especially those who use a Windows operating system. A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. All supported versions of the Windows operating system are vulnerable in both the 32- and 64-bit versions, including core installations of Windows servers.

The security vulnerability has been identified as critical because it can be exploited remotely and can potentially allow the attacker to take control of the affected machine. In turn, this grants the attacker access to other systems within the network. Of the various ways an attacker could exploit this vulnerability, the most common tactics are through persuading a user to open a specially crafted document or by prompting a user to visit an untrusted webpage that contains embedded OpenType fonts. To this end, it is not advised to browse the web or open documents on a server.

VUIT Security Operations will continue to monitor this vulnerability closely and has taken several precautions that include instituting detection capability for possible exploits of this vulnerability and transitioning into prevention mode.

In the meantime, VUIT recommends that users patch as soon as possible, prioritizing systems in the order listed:

  1. All public-facing Windows servers
  2. All critical systems utilizing Windows (whether they are public-facing or not)
  3. All public-facing Windows servers
  4. All public-facing Windows clients
  5. All machines running any variant of the Windows operating system

It is extremely likely that this patch will require a reboot. In this case, please handle your emergency communications as usual. Links to individual patches can be found in the TechNet article listed under the “Sources and References” section below.

For more information, please contact VUIT Security Operations at vuit.incident.response@vanderbilt.edu.

 

Sources and References
https://technet.microsoft.com/en-us/library/security/ms15-078.aspx
https://support.microsoft.com/en-us/kb/3079904
https://isc.sans.edu/forums/diary/Special+Microsoft+Bulletin+Patching+Remote+Code+Execution+Flaw+in+OpenType+Font+Drivers/19941/ 

 


Last Modified: 2016-08-17