Microsoft today released an emergency out-of-band critical update, KB3079904, for Windows Vista and higher (including Windows RT and Server). If you don’t have automatic updates turned on, run Windows Update manually as soon as possible and make sure your system is patched.
According to Microsoft: “This security update resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts.”
The Microsoft Security advisory site provides additional details:
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft says it’s not aware of any customers being attacked yet, but because it released this patch today, the company appears to feel it’s potentially a serious problem.
If you’re an IT admin, read the Microsoft Security advisory page for details about workarounds you can use if it’s not possible to roll out the patch throughout your company system.
Remember, if you’re still running XP for some reason, you are out of luck for this patch. In fact, you shouldn’t be running XP at all; it’s a security disaster waiting to happen.
Installed… No hiccups… yet! P.S. What does Microsoft mean when it says update “out of band”?
No problems with this KB to date. Fingers crossed!
Hundreds of Microsoft’s bugs, perhaps the majority, “allow remote code execution” that allows viruses to take over systems. Is Microsoft intelligent enough to see a pattern and fix the pattern? So far, the answer appears to be no, but this could change with the first conscientious upper manager they hire.
Windows XP is safe to use if you confine your XP computers to offline applications and visiting known safe sites only, or using the Internet more directly (for example, transferring files using Dropbox). Also, Emsisoft will support XP at least into 2016. AVG has not yet (I believe) announced a date at which it will drop XP support. Kaspersky Labs says actual XP usage has reduced only a little, so they will continue to offer antivirus support.
If you must use a browser on XP, at least stay away from Internet Explorer. And consider installing Linux on your XP computer for a new lifetime of usage.