Atlantic.Net Blog

What is the CVE-2015-2426 Font Driver Vulnerability?

Jason Mazzota
by Atlantic.Net (29 posts) under VPS Hosting

On July 20, 2015, Microsoft released a patch (specifically, MS15-078) for a newly announced security vulnerability, named CVE-2015-2426, that affects all supported Windows VPS hosting systems to date. Microsoft has marked this vulnerability as critical and recommends that all servers be patched as soon as possible. The affected Windows versions include:

  • Windows Vista
  • Windows 7
  • Windows 8 and 8.1
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT and RT 8.1
  • Any Server Core Installation


What is the CVE-2015-2426 Font Driver Vulnerability?

This is a vulnerability in Microsoft’s Font Driver that would allow for remote code execution via specially crafted OpenType fonts. These OpenType fonts could be contained in specially formatted documents or embedded in non-secure web pages.


So what does this mean?

Microsoft reserves “critical” for its most severe vulnerabilities. In these cases, an attack can bypass existing security measures. For example, if an email comes to you with a legitimate-looking document for you to open or download, or if you visit a website containing one of these embedded OpenType fonts, an attacker could execute malicious code that could install a keylogger, start network attacks against other people, or encrypt all of your files and demand ransom for the decryption key. Those are just a few of the scary examples of what can be done with remote code execution.


How do I get this fixed?

Update! Microsoft released a patch via Windows Update, outside of its normal monthly Patch Tuesday cycle. If you just want this specific update, it is labeled KB3079904. If you want to apply the update manually, outside of Windows Update, see the TechNet article, which has direct download links for each affected operating system.


How does the KB3079904 fix this?

The update changes how the Windows Adobe Type Manager Library processes and handles OpenType fonts. Once you apply the update and restart your Windows device, you will be safe from the vulnerability. For more details on the MS15-078 patch, check out the Microsoft Support article.
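
To confirm that KB3079904 is actually present on each server, and to see when each one last restarted, a check along these lines can be run from an administrative workstation. This is an added example, not code from Atlantic.Net or Microsoft; the function name `Get-KB3079904Status` is hypothetical, and it assumes Windows PowerShell 2.0 to 5.1 (for `Get-WmiObject`) and WMI access to the hosts you name.

```powershell
# Added example, not from the article. Assumes Windows PowerShell 2.0-5.1
# (Get-WmiObject) and WMI/RPC access to each host being checked.
function Get-KB3079904Status {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    process {
        foreach ($computer in $ComputerName) {
            $status = 'NotFound'
            $lastBoot = $null
            try {
                # Win32_QuickFixEngineering is the WMI class behind Get-HotFix.
                $fix = Get-WmiObject -Class Win32_QuickFixEngineering `
                    -ComputerName $computer -Filter "HotFixID='KB3079904'" `
                    -ErrorAction Stop
                if ($fix) { $status = 'Installed' }

                # The fix only takes effect after a restart, so report last boot too.
                $os = Get-WmiObject -Class Win32_OperatingSystem `
                    -ComputerName $computer -ErrorAction Stop
                $lastBoot = $os.ConvertToDateTime($os.LastBootUpTime)
            }
            catch {
                # Unreachable or access denied: never report such a host as patched.
                $status = 'Unreachable'
            }
            New-Object PSObject -Property @{
                ComputerName = $computer
                KB3079904    = $status
                LastBoot     = $lastBoot
            }
        }
    }
}

# Checks the local machine; pass -ComputerName with your own host names to audit several.
Get-KB3079904Status | Format-Table ComputerName, KB3079904, LastBoot -AutoSize
```

A `NotFound` result only means the KB is not listed on that host, so confirm through Windows Update before treating the host as unpatched. A host showing `Installed` with a `LastBoot` earlier than the time you applied the update still needs its restart.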
