OpenType Font Driver Vulnerability – CVE-2015-2426
Microsoft has identified a vulnerability which impacts all versions of Microsoft Windows which could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
For Home Users and Organizations without Dedicated IT Staff
If you do not have automatic updating enabled, go to Windows Update, download and install updates. If you have automatic updates enabled, no action is necessary. It’s that easy.
For IT Professionals
This small update requires a reboot so please plan accordingly.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts. For more information about the vulnerability, see the Vulnerability Information section. For more information about this update, see Microsoft Knowledge Base Article 3079904.Suggested actions. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically. Customers who have not enabled automatic updating, or who install updates manually, can use the links in the Affected Software section to download and install the update. See Microsoft Knowledge Base Article 3079904 for more information.
For more information, users can visit https://technet.microsoft.com/library/security/MS15-078 to find other methods of preventing this issue.