UPDATE NOW: Critical Patch Pushed by Microsoft

UPDATE NOW: Critical Patch Pushed by Microsoft

Hey Folks,

We wanted to let you know that Microsoft has pushed out a new update in the last 24 hours. Usually updates are held off until “Patch Tuesday” but the severity of the vulnerability they are fixing requires immediate remediation.

The update fixes a serious security flaw found within how Windows products read certain types of fonts.

Basically all that needs to happen is an attacker sends you an office document or directs you to a specific web page with a specific font included.

The attack itself focuses on the Windows Adobe Type Manager Library and how it deals with OpenType fonts, at the end of the day it allows for remote code execution and full on infection if desired.

This is similar to all of the drive-by exploit attacks we warn folks about every week, this time it’s just a different kind of vulnerability.

Anyway, the attack can result in infection of the victim system by malware, any type of malware, so it’s imperative to quickly update your system TODAY. This vulnerability has been discovered in all modern versions of Windows so please update if you can.

If you happen to click the above link and don’t see your version, Microsoft has this to say:

" Versions or editions that are not listed are either past their support life cycle or are not affected"

So all of you running XP might be safe or are just not getting updated, I would go with the latter.

Thanks for Reading and Safe Surfing!

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.