Microsoft pushes out emergency fix for font file Hacking Team hole

Posted on Tuesday, Jul 21 2015 @ 12:20 CEST by Thomas De Maesschalck
Microsoft logo
Tech firms are still rushing to plug holes exposed by the hack of Hacking Team earlier this month. Microsoft already patched two vulnerabilities last week and now it's rolling out a third emergency fix for a vulnerability in the way the Windows Adobe Type Manager Library handles fonts that use Microsoft's OpenType format.

Attackers can use this vulnerability to take complete control of vulnerable computers via booby-trapped-websites or by tricking users into opening malicious files. There are no indication that the vulnerability is being actively exploited in the wild but that could change fast.
The patch comes six days after Microsoft fixed a separate vulnerability in the Adobe Type Manager Font Driver. Despite the similarity to the Windows Adobe Type Manager Library being patched in Monday's emergency release, this appears to be a separate bug. The earlier security bug became public knowledge following the breach two weeks ago of Hacking Team networks and has been actively exploited in the wild, presumably in combination with an Adobe Flash exploit, so attackers could break out of the Google Chrome security sandbox and achieve remote code execution.
If you have Windows Update enabled, your system will update automatically.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments