Microsoft patches bug in Windows in the meantime
Microsoft has released a patch for Windows in the meantime, shortly after last week’s Patch Tuesday. The vulnerability allows an attacker to run proprietary code on a system through a font driver.
Microsoft has released patches for all recent desktop versions of Windows, including 7, 8, and 8.1. An update has also been released for the server versions of Windows, as well as for Windows RT and Windows RT 8.1, which run on ARM processors. The test version of Windows 10 will also receive an update.
It’s not often that Microsoft deviates from its Patch Tuesday schedule and releases a patch in the meantime. This patch also follows shortly after last week’s Patch Tuesday. This is therefore a serious security problem, which allowed the attacker to take full control of a Windows system remotely.
This is a vulnerability in an OpenType font driver, which could be exploited by loading a specially prepared font. That explains the seriousness of the problem: font drivers run on Windows at the kernel level. The security issue was found by researchers at FireEye and Google.