Microsoft releases emergency patch for all versions of Windows

Forum Moderators: open

Message Too Old, No Replies

Microsoft releases emergency patch for all versions of Windows

The flaw allows a hacker to take over a machine

bill

10:47 pm on Jul 20, 2015 (gmt 0)

http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-critical-windows-flaw/ [zdnet.com]

Microsoft releases emergency patch for all versions of Windows

Microsoft has released an emergency out-of-band patch for a critical flaw, affecting all supported versions of Windows.

The software giant said in an advisory Monday that the vulnerability, if exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.

thomcraver

2:03 pm on Jul 21, 2015 (gmt 0)

Apparently this affects every Windows version from 7 all the way through to Windows 10, including the betas that are out there.

engine

5:25 pm on Jul 21, 2015 (gmt 0)

I updated and rebooted, just to make sure. No mention of XP, but, then, it's no longer supported.

thomcraver

6:05 pm on Jul 21, 2015 (gmt 0)

Definitely not XP. You should consider a new computer... ;-)

lucy24

7:04 pm on Jul 21, 2015 (gmt 0)

You should consider a new computer

The reference to OpenType fonts immediately points to older computers anyway, since Windows has pretty much given up on the .otf venture.

engine

7:44 pm on Jul 21, 2015 (gmt 0)

Hehe, my xp machine is for testing purposes. ;) all the other windows machines updated fine.

mcneely

9:17 pm on Jul 27, 2015 (gmt 0)

Microsoft should put some curtains on their *Windows, and then close them ... go back to the drawing board and start all over from scratch.

tangor

1:35 am on Jul 28, 2015 (gmt 0)

Open Type is not only supported in Windows, it still comes as installs with the operating system (both Windows and Mac). What this patch fixes is Open Type instructions served from hackers, charged payloads, and bad sites.

Keep your mitts off my Open Type! :)

Seriously, this relates to the growing use of font descritpions being used for layout purposes on websites round the world. And a target at the Google Font initiative which helps that along.

Webmasters who break the bleeding edge in fontography on the web with these services only contribute to the hacker's ability to inject foul stuff on your visitors.

Not saying you shouldn't do the "font thing" to make your site pretty, just know you should harden your site the best way you know how....

Else MS will do it for you. :)