Microsoft has released an out-of-band emergency patch for a zero-day vulnerability across all Windows operating system releases, discovered in the trove of data leaked from grey-hat organisation Hacking Team.
When Hacking Team's server was breached and gigabytes of the company's internal data made public, it was bad news for everyone. Already, three zero-day vulnerabilities in Adobe Flash were made public as a result of the attack, and now it's Windows' turn with Microsoft releasing an out-of-band emergency patch for another zero-day discovered in the group's trove.
Embarrassingly, the flaw can once again be traced back to Adobe: the vulnerability lies not in Windows itself, but with the bundled Windows Adobe Type Manager Library which is used for rendering OpenType fonts. 'The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,' Microsoft explained in its bulletin announcing the patch. 'This security update is rated Critical for all supported releases of Microsoft Windows,' the company continued, including Windows 10 Build 10240 - the version believed to represent the Release to Manufacturing (RTM) gold master of the upcoming operating system.
The precise severity of the flaw is clear from Microsoft's decision to break from its usual monthly Patch Tuesday update cycle in order to get the patch out to users as quickly as possible. Those with automatic updates configured need do nothing; others should visit Microsoft's Knowledge Base for details on the flaw and manual patch installation.
When Hacking Team's server was breached and gigabytes of the company's internal data made public, it was bad news for everyone. Already, three zero-day vulnerabilities in Adobe Flash were made public as a result of the attack, and now it's Windows' turn with Microsoft releasing an out-of-band emergency patch for another zero-day discovered in the group's trove.
Embarrassingly, the flaw can once again be traced back to Adobe: the vulnerability lies not in Windows itself, but with the bundled Windows Adobe Type Manager Library which is used for rendering OpenType fonts. 'The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,' Microsoft explained in its bulletin announcing the patch. 'This security update is rated Critical for all supported releases of Microsoft Windows,' the company continued, including Windows 10 Build 10240 - the version believed to represent the Release to Manufacturing (RTM) gold master of the upcoming operating system.
The precise severity of the flaw is clear from Microsoft's decision to break from its usual monthly Patch Tuesday update cycle in order to get the patch out to users as quickly as possible. Those with automatic updates configured need do nothing; others should visit Microsoft's Knowledge Base for details on the flaw and manual patch installation.
RELATED ARTICLES
New roll-up patches not going smoothly.
Delays and clipping, Microsoft admits.
No more per-patch flexibility.
Like giving away all your passwords.
Data stored in an insecure fashion.
Decades-old vulnerability discovered.
Charges £11.59 for it, though.
Spreads via malicious peripherals.
Bargain licences for lucky punters.
Users 'having their choices ignored.'
Bug fixes, DirectX 12 support and more.
Concentrating on Win 10 proper for now.
Fixed in 10.11 Beta.
Nokia dragging the books into the red.
Facebook chief calls for EOL.
Alleged attacker demands payment.
To prevent bad drivers, Samsung claims.
Microsoft refuses to patch.
It's Freak all over again.
Up to $15,000 up for grabs.
WEEK IN REVIEW
TOP STORIES
SUGGESTED FOR YOU
Site Links
© Copyright bit-tech
Want to comment? Log in.
QUICK COMMENT