Admittedly it seems that not a day goes by at the moment without some vulnerability or patch being announced and it’s pretty tricky to keep on top of it all, but this one is a stinker with an easy fix so pay attention!
Microsoft has released a security patch for the serious security flaw announced last night. Whilst it can’t be exploited remotely, it could let the bad guys into your server if you fall for a phoney website.
The issue lies in booby-trapped webpages/attachments and the way that browsers read fonts and, because of the way Microsoft runs its font drivers, if one library is compromised the whole operating system could be. If it’s not patched and you fall for one of these shady websites’ tricks or dodgy email attachments, you could hand control of the whole operating system to the hackers – allowing them to not only read all of your data, but to change and delete it too; or to create new accounts with full user rights.
The tech behind the MS15-078 flaw is within Windows Adobe Type Manager Library. Exploiting this, hackers can take over PCs or servers – all because a document or webpage that’s hiding an embedded OpenType font file was opened. (Reminder: don’t open any email attachments that you don’t know the origin of!)
The simple fix is to run the patch. Microsoft roll out their patches as standard on the second Tuesday of the month but, as this is an emergency patch, we’re recommending that you run this update as soon as possible – and on your home PC too – just to be on the safe side.
There’s no evidence at the moment that says the vulnerability has been exploited to target the public. The flaw was spotted by security researchers digging through the Hacking Team data dump, leaked online a few weeks ago.
So, don’t panic, just patch.