Special Microsoft Bulletin Patching Remote Code Execution Flaw in OpenType Font Drivers
Microsoft just released a special "out fo band" security bulletin with a patch for a remote code execution vulnerability in Windows' OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in it's bulletin, that it had information that the vulnerability was public, but had no indication that it was actively exploited. MS15-077 had been exploited at the time the MS15-077 bulletin was released last week. As a workaround, users may remove the font driver, but this may cause applications that rely on it to not be able to display certain fonts.
# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
---|---|---|---|---|---|---|
clients | servers | |||||
MS15-078 | Remote Code Execution Vulnerability in Microsoft Font Driver (Replaces MS15-077 ) | |||||
Adobe Type Manager Library atmfd.dll CVE-2015-2426 |
KB 3079904 | Exploits Detected against related vulnerability CVE-2015-2387 (see MS015-077). Vulnerability may have been public. | Severity:Critcal Exploitability: 0 |
Critical or PATCH NOW |
Important |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Important patches for servers that do not use outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threats.
Keywords:
11 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments
Anonymous
Jul 20th 2015
9 years ago
Anonymous
Jul 20th 2015
9 years ago
Sounds as if this is different iteration of a issue patched with MS15-077 which was applicable to Server 2003 just a few days ago prior to the EoL support. Also, all other versions of Windows are impacted, so again, highly likely.
Anonymous
Jul 20th 2015
9 years ago
Anonymous
Jul 20th 2015
9 years ago
However a reddit user says that it's a pool overflow bug, judging by bindiff results https://www.reddit.com/r/netsec/comments/3dyuwv/ms15078_remote_code_execution_in_all_versions_of/cta3lsx
Does anyone know what is really going on?
Anonymous
Jul 21st 2015
9 years ago
Anonymous
Jul 21st 2015
9 years ago
FireEye Reference = http://www.csoonline.com/article/2950239/vulnerabilities/microsoft-releases-out-of-band-patch-for-all-versions-of-windows.html
TrendMicro Reference = http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-leak-uncovers-another-windows-zero-day-ms-releases-patch/
In the end, I don't think it really matters where it came from. It's a vulnerability that needs to be patched. I have a feeling us in the InfoSec community are going to be dealing with an influx of these vulnerabilities in the coming weeks due to the Hacking Team breach and new information coming to light. Suppose it's better than letting the vulnerabilities continue to run in the wild though.
Anonymous
Jul 21st 2015
9 years ago
Anonymous
Jul 21st 2015
9 years ago
Everybody can query the Microsoft Update Catalog:
https://catalog.update.microsoft.com/v7/site/ScopedViewInline.aspx?updateid=ce9ea6ce-981c-4812-8895-baae01efb307
Anonymous
Jul 21st 2015
9 years ago
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers]
"Adobe Type Manager"=-
Anonymous
Jul 21st 2015
9 years ago