Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Microsoft addresses critical Remote Code Execution (RCE) vulnerability in all versions of Windows

Microsoft addresses critical Remote Code Execution (RCE) vulnerability in all versions of Windows


Microsoft has released security updates for all supported releases of Windows including Windows 7, Windows 8, Windows 8.1 and Windows Vista to address a critical OpenType font driver vulnerability (CVE-2015-2426). The vulnerability when successfully exploited, the remote code execution vulnerability can enable an attacker to take full control of the affected system, thus allowing an attacker to install programs, change or delete data, and create accounts with full user rights. There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts as described in the security bulletin of Microsoft.
 
Source:
SC Magazine
 
Microsoft Security Bulletin
 
Security Week.com
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis