The latest of a number of vulnerabilities disclosed in the massive data breach affecting the Italian hackers-for-hire firm Hacking Team has led to Microsoft publishing an urgent security update for its Windows operating system. The company usually publishes security updates on the second Tuesday of every month, but moved to issue an out-of-band patch for the new vulnerability yesterday since it could facilitate remote code execution, providing attackers with complete control over a targeted computer.
While Microsoft said it did not have any information to indicate the vulnerability had been used in attacks in the wild, its analysis found that exploit code “could be created in such a way that an attacker could consistently exploit this vulnerability.”
The Microsoft Windows OpenType Font Driver Remote Code Execution Vulnerability (CVE-2015-2426) relates to how the Windows Adobe Type Manager Library handles specially crafted OpenType fonts. Exploiting the vulnerability could grant an attacker complete control of the victim’s computer. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Successful exploitation of a vulnerable computer is relatively straightforward. The attacker simply has to trick the victim into visiting a malicious website that contains embedded OpenType fonts. Alternatively, the victim could be tricked into opening a specially crafted document. Aside from this, no further user interaction would be required from the victim.
Given the nature of this vulnerability, it can be expected that attackers will move quickly to incorporate it into exploit kits to target Windows users who are slow to patch their software. Windows users are thus advised to update their computers immediately.
Symantec and Norton products detect the proof-of-concept exploit with the following detections:
We will continue to investigate this vulnerability and provide more details as they become available.