Categories: CyberCrimeSecurity

Microsoft Emergency Patch Fixes Rogue Font Hacking Team Vulnerability

Microsoft has rushed to fix a ‘critical’ remote execution flaw discovered in files related to the attack on controversial Italian surveillance tools developer Hacking Team, and has released a patch for all supported versions of Windows.

According to a Microsoft advisory, a rogue, specially crafted font could allow an attacker to gain access to an affected system – a threat deemed serious enough for the company to release a patch outside the usual Patch Tuesday update cycle.

Windows Update

“A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts,” said Microsoft. “An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

“There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”

Microsoft says it believes information about the vulnerability is in the public domain, but is not aware of any incidents of it being exploited in the wild. The most recent Patch Tuesday fixed two zero-day vulnerabilities found in 400GB worth of files uncovered in the Hacking Team attack.

This latest update is available for Windows Vista, 7, 8 and RT as well as Windows Server 2008, but not Windows XP or Windows Server 2003, support for both of which has ended. If an administrator is unable to patch immediately, Microsoft’s advisory does provide a number of workarounds for supported systems.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

46 mins ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

18 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

20 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

22 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

22 hours ago