Don’t sit down! Patch ALL Windows AGAIN! Microsoft fixes THIRD Hacking Team hole

21 07 2015

It’s 2015, and bad font files in webpages will still pwn you.

All supported versions of Windows now need to be patched – again – to fix an urgent remote code-execution vulnerability emerging from the ongoing Hacking Team hack fiasco.

Details of the vulnerability were found and reported to Microsoft by security researchers poring over internal memos leaked online from spyware-maker Hacking Team. This follows an elevation-of-privilege hole in Windows and a remote-code execution bug in Internet Explorer 11 that were also uncovered from the Hacking Team files, and patched last week by Microsoft.

This latest serious security flaw (MS15-078) lies within the Windows Adobe Type Manager Library, and can be exploited by attackers to hijack PCs, infect them with malware, and so on. A victim who opens a document or even a webpage that contains a malicious embedded OpenType font file can be attacked thanks to this vulnerability.

Normally, security patches for Microsoft software are released as a bundle on the second Tuesday of every month. Today, the Redmond giant felt compelled to issue an emergency update for its operating system.

The security flaw is potent because Microsoft runs its font drivers in kernel mode, meaning if one of the libraries is fed bad data, the whole operating system can be compromised. Microsoft explained in an advisory:

Read Full Article

Posted from WordPress for Android


Ações

Information

Deixe uma Resposta

Preencha os seus detalhes abaixo ou clique num ícone para iniciar sessão:

Logótipo da WordPress.com

Está a comentar usando a sua conta WordPress.com Terminar Sessão / Alterar )

Imagem do Twitter

Está a comentar usando a sua conta Twitter Terminar Sessão / Alterar )

Facebook photo

Está a comentar usando a sua conta Facebook Terminar Sessão / Alterar )

Google+ photo

Está a comentar usando a sua conta Google+ Terminar Sessão / Alterar )

Connecting to %s




%d bloggers like this: