Microsoft issues critical patch for all versions of Windows

By | July 21, 2015
Print pagePDF page

Microsoft issues critical patch for all versions of Windows after flaw found in Hacking Team leak

Source: International Business Times

“Microsoft has issues a critical security update for all versions of Windows to patch a vulnerability that could give hackers complete access to your PC(Reuters)”

Microsoft has taken the unusual step of issuing a critical security update which patches a vulnerability in all versions of Windows that unpatched would leave hundreds of millions of PC users around the world susceptible to attack.

The security flaw would allow a hacker to remotely access your PC and gain “complete control of your system” according to Microsoft. The company typically issues security updates once a month on what is known as Patch Tuesday, but this out-of-band update indicates just how serious this security flaw is.

The vulnerability has been labelled “critical” which is the highest severity rating Microsoft has.

More about cybersecurity

The vulnerability – labelled CVE-2015-2426 – was uncovered by security researchers Mateusz Jurczyk of Google Project Zero, and Genwei Jiang of FireEye who sifted through the leaked cache of documents and source code from Italian surveillance software vendor Hacking Team.

The remote code execution flaw affects all versions of Windows including Windows Vista, Windows 7, Windows 8, Windows 8.1 and Windows RT. The flaw also affects certain versions of the Windows 10 Insider Preview operating system, but six days ago Microsoft released the latest (and final) build of the new software which patched this vulnerability.

Microsoft will want to avoid any major security worries ahead of the consumer launch of Windows 10 next week on 29 July.

In its advisory, Microsoft says: “The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”

Exploited in the wild

There is no suggestion to date that anyone has managed to exploit the vulnerability in the wild, but considering that everyone from hackers to researchers have been pouring over the Hacking Team data since its leak on 6 July, there is a significant danger for users who don’t update their software.

The vulnerability affects the way Windows Adobe Type Manager Library handles specially-crafted Microsoft OpenType fonts. To exploit the flaw, attackers would have to create a special OpenType document and get the victim to open it on their PC. Alternatively the victim could be redirected to a website with embedded OpenType fonts.

Once exploited, Microsoft says an attacker “could then install programs; view, change, or delete data; or create new accounts with full user rights.”

While the majority of Windows users have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically, customers who have not enabled automatic updating, or who install updates manually, can use the links listed here to download and install the update.

Source: International Business Times

 

3 thoughts on “Microsoft issues critical patch for all versions of Windows

  1. Jane Dellinger

    I have Vista and just downloaded the supposed patch! Beware…I could not get back into my computer. Message said my login profile couldn’t load??? So finally did a Safe Mode and went to system restore to get my computer back. Microsoft needs to make sure these patches work and don’t screw up your computer. Any suggestions???

    Reply
    1. infoave Post author

      I have not seen any reports of the latest security patch causing major problems. It sounds to me like this is a local issue. How long has it been since you’ve checked your hard driver or errors? Vista computers have not been available since early 2009 so your computer is getting up there in years – maybe it’s time for good checkup, disk check, malware clean-up etc.

      Normally when there is an issue with a patch it’s all over the news – but I’ve heard nothing. I think Microsoft tests the patches on machines which are much more well maintained and much more powerful than the computers average people use. Microsoft is aware that Windows Update is flawed. They’ve completely changed how updates are delivered in Windows 10.

      Reply
  2. Jane

    Thanks for the info. I know, VISTA is not the best system!!! Just can’t afford to get a new computer at this time 🙂
    I just did scans, no problems. I do have 2 more of your keys…maybe I should have you check out my computer???
    Thanks for getting back to me. I’m just afraid to download the update again. Do you think I should try again? Or just have you check out my computer and then can you do the update for me???

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *