728x90
Microsoft just released a special "out fo band" security bulletin with a patch for a remote code execution vulnerability in Windows' OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in it's bulletin, that it had information that the vulnerability was public, but had no indication that it was actively exploited. MS15-077 had been exploited at the time the MS15-077 bulletin was released last week. As a workaround, users may remove the font driver, but this may cause applications that rely on it to not be able to display certain fonts.
| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) | |
|---|---|---|---|---|---|---|
| clients | servers | |||||
| MS15-078 | Remote Code Execution Vulnerability in Microsoft Font Driver (Replaces MS15-077 ) | |||||
| Adobe Type Manager Library atmfd.dll CVE-2015-2426 | KB 3079904 | Exploits Detected against related vulnerability CVE-2015-2387 (see MS015-077). Vulnerability may have been public. | Severity:Critcal Exploitability: 0 | Critical or PATCH NOW | Important | |
We will update issues on this page for about a week or so as they evolve.
728x90
'취약점 정보1' 카테고리의 다른 글
| BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code (0) | 2015.08.08 |
|---|---|
| OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability (0) | 2015.07.23 |
| "Hacking Team"BIOS와 UEFI에 감염 루트킷을 이용하여 자사 제품의 에이전트를 PC에 상주 (0) | 2015.07.19 |
| MS 제품군 7월 정기 업데이트 (0) | 2015.07.17 |
| 자바 업데이트 권고 (0) | 2015.07.17 |