Security Alert (A15-07-09): Vulnerability in Microsoft Windows

Description:

A vulnerability is identified in Microsoft Windows that could be exploited to compromise an affected system. Due to an error when Windows Adobe Type Manager Library handles OpenType fonts, an attacker could exploit to take control of the system if a user opens a specially crafted document or visit a webpage that contains embedded OpenType fonts.

Affected Systems:

• Microsoft Windows Vista, 7, 8, 8.1, RT, RT 8.1
• Microsoft Windows Server 2008, 2012

Impact:

A successful attack could lead to remote arbitrary code execution.

Recommendation:

Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

• Microsoft Update
  This link will open in a new windowhttp://update.microsoft.com/microsoftupdate

More Information:

This link will open in a new windowhttps://technet.microsoft.com/en-us/library/security/MS15-078
This link will open in a new windowhttps://www.us-cert.gov/ncas/current-activity/2015/07/20/Microsoft-Releases-Security-Update
This link will open in a new windowhttps://www.hkcert.org/my_url/en/alert/15072101
This link will open in a new windowhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426