Microsoft releases out-of-band patch for Windows zero-day

A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.

Microsoft has released a rare, out-of-band patch to resolve a Windows zero-day vulnerability that could allow for privilege escalation or remote code execution.

MS15-078 has been added to the list of patches released as part of last week's Patch Tuesday. The vulnerability is found in how the Windows Adobe Type Manager Library handles OpenType fonts and can be exploited with a specially crafted document or by luring a victim to a malicious Web site.

The patch has been released for all supported versions of Windows. However, Mooney Li, threat analyst for Trend Micro Inc., noted in a blog post that "the fixes in this bulletin supersede those in MS15-077, which included Windows Server 2003 -- which is not a part of this patch. Therefore, it is likely that the now-unsupported server OS is also at risk."

If Windows Server 2003 is affected by this vulnerability, it would pose a serious risk to enterprises that did not finish upgrades before last week's end-of-life deadline.

According to Robert Brown, director of services at Verismic Software Inc., "There are already reports coming in that this vulnerability is being actively exploited, so IT managers should be designing their repair strategy as their highest priority.

"What will probably give the IT manager the largest headache is that this update requires a reboot in order to become effective," Brown said. "For large, disperse environments, the reboot can be the hardest thing to achieve without receiving negative perception from users – and even with the patch installed, unless you reboot, you are still exposed, so a forced reboot is critical."

1 comment

Will Microsoft be forced to backtrack and patch the deprecated Windows Server 2003?