
Today’s VERT Alert addresses one new out-of-band Microsoft Security Bulletin. VERT is actively working on coverage for this bulletin in order to meet our 24-hour SLA and expects to ship ASPL-624 on Tuesday, July 21st.

MS15-078 | OpenType Font Driver Vulnerability | CVE-2015-2426

MS15-078

Microsoft has released an OOB update to the Adobe Type Manager Library. ATMFD.dll (Adobe Type Manager Font Driver) contains a vulnerability when processing specially crafted OpenType fonts that could lead to code execution. This vulnerability could be exploited via a web page that embeds a malicious font. This update replaces the MS15-077 bulletin that was released just last week.

It’s important to keep in mind that Windows Server 2003 support ended on Patch Tuesday and, as of now, that means that a patch for this vulnerability is not available for that operating system. Microsoft has, in the past, released an unexpected update after the end of life of an operating system (for example: Windows XP and MS14-021).

 

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

 

Ease of Use (Published Exploits) to Risk Table:

Ease of Use:
Automated Exploit
Easy
Moderate: MS15-078
Difficult
Extremely Difficult
No Known Exploit

Exposure: Local Availability | Local Access | Remote Availability | Remote Access | Local Privileged | Remote Privileged