Microsoft rolls out emergency patch for major Windows bug - Techie News (UK and Ireland)

Microsoft has rolled out an emergency patch for a security flaw present in all supported Windows versions, including even Windows 10 Technical Preview, which if exploited will let hackers take remote control of the affected systems.

Redmond usually issues security updates once a month on ‘Patch Tuesday,’ but this out-of-routine update denotes how severe the security lapse was. The flaw was found in the parts of Windows that let the software handle some types of fonts.

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft noted in its security bulletin on the disclosure.

“The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”

According to Microsoft, the bug, when exploited, would let hackers to easily plant new malicious programs; view, change, or delete data; or even create new accounts on the affected system will full user rights.

Redmond in its security bulletin noted that the vulnerability was already public when it issued the update, but that it “did not have any information to indicate this vulnerability had been used to attack customers”.

“Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability,” the software giant said.

The security issue affects almost every major version of Windows including Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

Windows users, who have automatic updating enabled, will have the update downloaded and installed automatically. While, users who have not enabled automatic updating, or who install updates manually, can download the patch right away via Windows Update.

It is to be noted that neither Windows XP, nor Windows Server 2003, are eligible for updates from Microsoft.

Megha

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Leave a Reply Cancel reply