On July 20, 2015, Microsoft released a patch (specifically, MS15-078) for a newly announced security vulnerability, named CVE-2015-2426, that affects all supported Windows cloud hosting systems to date. Microsoft has marked this vulnerability as critical and recommends that all servers be patched as soon as possible. The affected Windows versions include:
- Windows Vista
- Windows 7
- Windows 8 and 8.1
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT and RT 8.1
- Any Server Core Installation
What is the CVE-2015-2426 Font Driver Vulnerability?
This is a vulnerability in Microsoft’s Font Driver that would allow for remote code execution via specially crafted OpenType fonts. These OpenType fonts could be contained in specially formatted documents or embedded in non-secure web pages.
So what does this mean?
Microsoft reserves “critical” for its most severe vulnerabilities. In these cases, an attack can bypass existing security measures. For example, if an email comes to you with a legitimate-looking document for you to open or download, or if you visit a website containing one of these embedded OpenType fonts, an attacker could execute malicious code that could install a keylogger, start network attacks against other people, or encrypt all of your files and demand ransom for the decryption key. Those are just a few of the scary examples of what can be done with remote code execution.
How do I get this fixed?
Update! Microsoft released, via Windows Update, a patch outside of their normal monthly Patch Tuesday cycle. If you just want this specific update, it is labeled KB3079904. If you want to manually apply the update outside of Windows Update, see the TechNet article, and follow their information for direct download links for each Operating System affected.
How does the KB3079904 fix this?
The update changes how Windows Adobe Type Manager Library processes and handles OpenType fonts. Once you apply the update and restart your Windows device, you will be safe from the vulnerability. For more details on the MS15-078 patch, check out the Microsoft Support article.