
Tuesday, 21 July 2015

Microsoft rolls out patch to secure Windows Server 2008, 2012, Windows Vista, 7 and 8

Microsoft has swiftly put out an out-of-band patch to secure a flaw exploited by Hacking Team, the hacked Italian surveillance software company.

The new out-of-band patch follows a fix included in Microsoft's 14th July patch release, which addressed an elevation of privilege flaw in Windows that Hacking Team had been using to help its customers propagate the company's malware.

This is the latest zero-day security flaw to be uncovered by analysis of the code that was released when Hacking Team was hacked just over a fortnight ago.

The Microsoft security bulletin explained:

"The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."

The flaw is applicable to Windows Server 2008, Windows Server 2012, Windows Vista, Windows 7 and Windows 8.

Microsoft continued:

"When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers."

Tod Beardsley, a security engineering manager at security services company Rapid7, said:

"Today's out-of-band patch, MS15-078, addresses CVE-2015-2426, a bug in the OpenType Font Driver that can lead to remote code execution on effectively all Windows client systems. While this driver, atmfd.dll, handles the font rendering in some Adobe products, it's shipped and signed by Microsoft, and has been for quite a while.

"Because this exposure is in a font renderer, the most common attack scenarios involve an attacker luring a victim to a malicious or compromised website, or enticing a victim to open a malicious attachment.

"Since Microsoft has stated that they have no indication that this vulnerability was used to attack customers, it begs the question, why release an out-of-band patch in the first place? This is an unusual move for Microsoft.

"In any case, users are encouraged to update their Windows clients as soon as practical, and failing a patch and restart, disabling this font rendering service entirely by following the detailed instructions in Microsoft's article, MS15-078."

Microsoft classed the vulnerability as "critical", its highest threat level, as it could be used to hijack a targeted PC.
