We warned you this morning, but wanted to follow-up with up-to-date information about today's out-of-band (OOB) security release from Microsoft.
The security bulletin is now public and shows a critical vulnerability in the Microsoft Font Driver that could allow Remote Code Execution.
The full security bulletin is here: Microsoft Security Bulletin MS15-078 - Critical
And, the associated KB article is here: MS15-078: Vulnerability in Microsoft font driver could allow remote code execution: July 16, 2015
Per the bulletin…
The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Note that this update is for all supported versions of Windows – meaning that since Windows Server 2003 exited support last week, it will NOT receive this patch. Remember, Windows 10 is also not a supported operating system until July 29. However, Windows 10 is also receiving a security update today. The KB is different (3074667), and is listed as a cumulative security update, however it also points to MS15-078 as the associated security bulletin (though the bulletin itself does not state Windows 10 is vulnerable).
The vulnerability patch should now be available through Windows Update. Customers using Automatic Update to keep their systems updated will receive it automatically. For those Enterprises that need to test and stage first, the bulletin provides mitigation techniques which include renaming files and modifying the Windows registry.
Be safe out there.
