Microsoft releases Windows OpenType Font Engine patch

Lone security bulletin is critical for Windows 2000 users.

Microsoft issued a single bulletin Tuesday, patching a critical vulnerability in Embedded OpenType Font Engine on Windows 2000.

The MS10-001 bulletin, which affects all versions of Windows, was given a critical rating for Windows 2000 because it repairs a vulnerability that could be exploited by an attacker to run malicious code, steal sensitive data and take complete control of a victim's machine. On newer systems, an attacker would only have the ability to crash the machine.

Microsoft updates:
Dec. - Microsoft gives Internet Explorer a major security overhaul: The final regular Microsoft update of 2009 repairs five critical vulnerabilities in IE and blocks public exploit code, which surfaced in November. 

Nov. - Microsoft patches serious Windows kernel flaws: Vulnerabilities in several Windows kernel drivers could be remotely exploited to gain complete access to a system.

Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws.

The software giant said an attacker can remotely target a Windows 2000 user by tricking them into viewing embedded OpenType fonts in Internet Explorer, Microsoft Office PowerPoint or Word.

"Several mitigations are in place to help prevent the likelihood of exploitation on newer systems," wrote Microsoft's Jerry Bryant on the Microsoft Security Response Center blog.

In addition, Microsoft rereleased MS09-035, the Active Template Library security bulletin pushed out as an emergency patch in July. The update adds Windows Embedded CE 6.0 as an affected product. It affects developers of products that run on top of Windows Embedded CE 6.0.

The July out-of-band update addressed flaws in the ATL that affect Internet Explorer and Visual Studio. Microsoft has been working with other software makers to address programs built inside of Visual Studio, which could be potentially vulnerable as well.

Adobe Flash Player update
Microsoft also released a security advisory Tuesday warning Windows XP users to upgrade Adobe Flash Player to the latest version. Windows XP ships with Adobe Flash Player 6, which contains multiple remote code execution vulnerabilities and should be removed.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close