??
Hello, we are Microsoft Greater China Security Support team.
Microsoft released an unscheduled update patch on July 21, 2015 in Beijing time. This patch is critical for all supported versions of Windows systems. A security vulnerability in an OpenType font driver was fixed in the patch. The vulnerability could cause remote code execution if a user opens a specially crafted file that contains the font or a malicious Web page. The vulnerability has been publicly disclosed, but Microsoft has not yet found an attack to exploit the vulnerability.
Announcement identification |
Microsoft Security Bulletin ms15-078 |
Announcement Title |
Vulnerability in Microsoft font driver could lead to remote code execution |
Summary |
The security update fixes a security vulnerability in an OpenType font driver. The vulnerability could cause remote code execution if a user opens a specially crafted file that contains the font or a malicious Web page. The security update addresses the vulnerability by correcting the way that the Windows Adobe Type Library Manager handles OpenType fonts. |
Severity ratings and affected products |
This patch is critical for all supported versions of Windows systems. |
Attack path |
An attacker would typically persuade a user to open a specially crafted file or Web page that contains an OpenType font to exploit the vulnerability. |
Mitigating Factors |
An attacker would need to persuade a user to open a specially crafted file. |
Restart requirements |
Reboot required |
More information |
https://technet.microsoft.com/zh-cn/library/security/ms15-078 |
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
20150721, Microsoft July 21 released an unplanned security patch