Microsoft releases critical Windows patch for font driver vulnerability

In an updated security bulletin, Microsoft has announced a patch for a Windows vulnerability in the Microsoft Font Driver that allows remote code execution.

In an updated security bulletin, Microsoft has announced a patch for a Windows vulnerability in the Microsoft Font Driver that allows remote code execution.

What this means is, if you receive a mischievous document with OpenType fonts created using the loopholes in the Microsoft Font Driver, a culprit can remotely inject and execute code in your system including altering, and modifying data on your PC.

Microsoft has termed this patch as critical and recommends users of all versions of Windows, from Windows Vista, 7, 8, Server 2012, and also upcoming Windows 10 (existing builds).

According to a report in ZDNet, "a previously undisclosed flaw in the way Windows handles certain fonts can allow a hacker to take over an entire machine. Users running Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later. A Microsoft spokesperson confirmed in an emailed statement that Windows 10 Insider Preview is also affected."

The report added, "The 'critical'-rated software update lands almost a week after its scheduled Patch Tuesday where it typically issues security fixes. Microsoft said it believed the flaw was public but did not have any evidence to suggest it was being actively exploited. The patch is available over Windows Update. Security researchers from Google's Project Zero and FireEye were credited with finding the flaw."

This is a major flaw considering the number of users it affects and more importantly at a time when Microsoft is looking at its most important operating system launch.

Tech2 is now on WhatsApp. For all the buzz on the latest tech and science, sign up for our WhatsApp services. Just go to Tech2.com/Whatsapp and hit the Subscribe button.





Top Stories


also see

science