
Microsoft addresses critical RCE vulnerability in all versions of Windows

Microsoft on Monday released security updates for all supported releases of Windows – including Windows 7, Windows 8, Windows 8.1 and Windows Vista – to address a critical OpenType font driver vulnerability.

If successfully exploited, the remote code execution (RCE) vulnerability – CVE-2015-2426 – can enable an attacker to take full control of the affected system, a security bulletin indicated, explaining that the attacker could install programs, change or delete data, and create accounts with full user rights.

“There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts,” the security bulletin said.

Microsoft indicated it has information that the vulnerability was public before the security bulletin was issued, but no information that it had been used against customers.
