Jump to content

Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows


Recommended Posts

Folks I would do this update today ASAP




"Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows.


The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an untrusted website that contains embedded OpenType fonts, it could open their machine up to remote code execution.


According to a security bulletin (MS15-078) corresponding to the vulnerability at Microsoft’s Security Tech Center, all supported versions of Windows should receive the patch. Windows Server 2003, which stopped receiving support last week, will not receive the patch.


Microsoft stresses that it’s possible for an attacker to “consistently exploit” the vulnerability by creating their own exploit code.


“When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers,” the bulletin reads. Still though, an attacker could leverage the vulnerability to take complete control of a system – meaning they could be given the ability to install programs, view, and change or delete data, along with the ability to create new accounts with full user rights.


Microsoft is encouraging users who don’t have automatic updates enabled to apply the fix as soon as possible but points out that there are several viable workarounds that may be helpful for end users who can’t right away."


The workarounds and more are at: https://threatpost.com/microsoft-issues-critical-out-of-band-patch-for-all-versions-of-windows/113866#sthash.y6k0h77A.dpuf

Link to comment
Share on other sites

And this:




"The software giant said in an advisory Monday that the vulnerability, if exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."


"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.


In other words, a previously undisclosed flaw in the way Windows handles certain fonts can allow a hacker to take over an entire machine.


Users running Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later."


More here: http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-critical-windows-flaw/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f

Link to comment
Share on other sites

"Users running Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later."


It is for all versions from Vista to 7 to 8 to 8.1. Get it. Harry why haven't you upgraded to 8.1 yet?

Link to comment
Share on other sites

No I think it will remain a separate but similar Phone OS which will get its own updates. The computer and the Phone updates are still different animals. A few years down the road who knows? But they will be designed to "feel" the same.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

This topic is now closed to further replies.
RVers Online University


Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

Dish For My RV.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Country Thunder Iowa

Nomad Internet

Rv Share

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo

  • Create New...