A serious vulnerability in all versions of Windows

Microsoft released a security update yesterday that addresses a critical vulnerability in Windows. Using it by an attacker could allow you to remotely take control of the system being attacked and ultimately execute malicious commands.

The critical vulnerability CVE-2015-2426 in the Adobe Type Manager library and marked in MS15-078 can allow an attacker to gain full control of the system, install programs, change and delete data, and create new accounts with full privileges if a user opens a specially crafted document or a website that has embedded OpenType fonts.

Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows 8 and Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT and Windows RT 8.1 are vulnerable to attack.

The update is now available for download in Windows Update.

The editorial office of the Trusted Third Party (Z3S.pl) also mentions that a Pole, Mateusz Jurczyk, who signs himself as "j00ru" is responsible for finding the gap. Mateusz has been dealing with security and malware analysis for many years. Actively participates in bug bounty contests, and since 2011 works for Google as the Information Security Engineer.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.