Posted by MinO

Serious Windows Font Driver vulnerability revealed by the Hacking Team leak

Yet another vulnerability from the gold mine that Hacking Team was sitting on. Through this vulnerability, if a user opens a specially crafted file or visits a page that contains embedded OpenType fonts, malicious code can be executed remotely.

Affected Windows versions:

  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1
  • Server Core installation option

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. For more information about the vulnerability, see the Vulnerability Information section. For more information about this update, see Microsoft Knowledge Base Article 3079904.

Suggested actions. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically. Customers who have not enabled automatic updating, or who install updates manually, can use the links in the Affected Software section to download and install the update. See Microsoft Knowledge Base Article 3079904 for more information.

More in the related Microsoft bulletin.