It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Microsoft Releases Emergency Patch ... All Versions
page: 17
share:
ZDNet: Microsoft Releases Emergency Patch
Microsoft releases emergency patch for all versions of Windows
The flaw, which also affects Windows 10, allows a hacker to take over a machine.
...
The software giant said in an advisory Monday that the vulnerability, if exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.
for all versions of Windows
-
Fonts Are Remotely Exploitable
Proprietary software is so bad that even fonts are a huge risk. This isn’t the first such incident.
It serves also as a reminder for GNU/Linux users because some users continues to install proprietary software from Adobe, despite Free/libre alternatives being equally potent.
-
Observable Keywords:
Attacker ... Vulnerability ... Exploited ???
( or words to use when describing an ... ai-victim ? )
.
edit on 21-7-2015 by FarleyWayne because: (no reason given)
I have no idea what you're on about with your "keywords" or what an "ai-victim" is, but this sounds like a typical security patch...
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
originally posted by: notmyrealname
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Lol Thats why Linux is way better.
Though scary when it makes headlines, these things are discovered all the time, and all over the ace (web browsers, phones, software, etc).
It's a good thing that people dedicate their profession to finding these holes and vulnerable areas.
This is a perfect example of a true hacker by the way.
It's a good thing that people dedicate their profession to finding these holes and vulnerable areas.
This is a perfect example of a true hacker by the way.
automatic updates are my friend....get them all the time....but, you know....that's how we stupid people that are called "sheeple"...respond to these
type of attacks....
First I have heard of dangerous fonts, have heard of some image files doing some pretty nasty things at times as well. Do need to use some care when
travelling the internet.
a reply to: FarleyWayne
This concerns the OpenType fonts implemented by Adobe but other font technologies have vulnerabilities.
The true-type font rendering engine has been vulnerable since its implementation. This is because the fonts themselves are able to carry code.
When you scale a TT font close to the pixel limit of the display, you can no longer simply reduce the outline, but must cut slivers from the font to reduce it down and retain readability.
The issue arises from determining which slivers of pixels are important and which are perceptually inconsequential. The designer of the font is supposed to put in code which determines what to loose, based upon the aesthetics of human perception. The font definition contains space in which to place that code.
The code need not even be rendering related, anything can be placed there and the standard mechanisms for forcing execution of embedded code be used.
This would not be an issue except that fonts may legitimately be embedded into a document (to ensure the portability of the document and that it appears the same in all circumstances), this then provides a mechanism for propagating that code.
In the '70's I wrote a demo program that used ASCII character coding via ANSI.SYS (part of DOS) to call the DEBUG program, compile its own code and execute it. This was to demonstrate how benign appearing carriers can be co-opted to introduce malicious code. (Fortunately, back then, exploits weren't broadcast over the web for script kiddies to use).
This concerns the OpenType fonts implemented by Adobe but other font technologies have vulnerabilities.
The true-type font rendering engine has been vulnerable since its implementation. This is because the fonts themselves are able to carry code.
When you scale a TT font close to the pixel limit of the display, you can no longer simply reduce the outline, but must cut slivers from the font to reduce it down and retain readability.
The issue arises from determining which slivers of pixels are important and which are perceptually inconsequential. The designer of the font is supposed to put in code which determines what to loose, based upon the aesthetics of human perception. The font definition contains space in which to place that code.
The code need not even be rendering related, anything can be placed there and the standard mechanisms for forcing execution of embedded code be used.
This would not be an issue except that fonts may legitimately be embedded into a document (to ensure the portability of the document and that it appears the same in all circumstances), this then provides a mechanism for propagating that code.
In the '70's I wrote a demo program that used ASCII character coding via ANSI.SYS (part of DOS) to call the DEBUG program, compile its own code and execute it. This was to demonstrate how benign appearing carriers can be co-opted to introduce malicious code. (Fortunately, back then, exploits weren't broadcast over the web for script kiddies to use).
originally posted by: PrimeAutobot
originally posted by: notmyrealname
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Lol Thats why Linux is way better.
Linux uses OpenType and TrueType fonts and is therefore vulnerable.
a reply to: FarleyWayne
I really have no idea what this topic is about, and yes I have read it. I still use Windows 7 ad my comp is 6-7 years old. I have had the white flag of uprgarde death for several months on my toolbar warning me that I should uprage to 10 when it comes out. But a strange thing happened to me today that hasn't happned ever. I was unable to connect to the Net, whereas other devices were able to in my house, just not my laptop. I know how to get around such things and the protocol to take, but it was my comp and not my router or wireless, I could not do IPCONFIG or anything, it would not open.
I ran multiple scans and security tests and there was nothing, it just came back saying my IP was fraudulent, and yet I dismissed all firewalls and security and such. after 6 restarts and 5 hours of brainstorming it suddenly worked. I was about to do a full system restore as a last cause and spent an hour backing up what I havent for the last 2 months, but it finally worked, And I have no answer to why it did. The strangest computer problem that just happened to fix itself over time, it doesnt make sense. Even my screen went out saying I didn't have the driver to operate my screen at first. After restart and troubleshooting it kept coming back that my IP would not work for my router or connection.
At least after several hours of cleaning up my comp it runs faster but it doesn't explain why all of a sudden the internet just connects no and didn't before, I was unable to fix it or adjust my IP to fix it since IPCONFIG would just flash and go away even after adminastrator etc. F windows, even after I said F Linux.
I really have no idea what this topic is about, and yes I have read it. I still use Windows 7 ad my comp is 6-7 years old. I have had the white flag of uprgarde death for several months on my toolbar warning me that I should uprage to 10 when it comes out. But a strange thing happened to me today that hasn't happned ever. I was unable to connect to the Net, whereas other devices were able to in my house, just not my laptop. I know how to get around such things and the protocol to take, but it was my comp and not my router or wireless, I could not do IPCONFIG or anything, it would not open.
I ran multiple scans and security tests and there was nothing, it just came back saying my IP was fraudulent, and yet I dismissed all firewalls and security and such. after 6 restarts and 5 hours of brainstorming it suddenly worked. I was about to do a full system restore as a last cause and spent an hour backing up what I havent for the last 2 months, but it finally worked, And I have no answer to why it did. The strangest computer problem that just happened to fix itself over time, it doesnt make sense. Even my screen went out saying I didn't have the driver to operate my screen at first. After restart and troubleshooting it kept coming back that my IP would not work for my router or connection.
At least after several hours of cleaning up my comp it runs faster but it doesn't explain why all of a sudden the internet just connects no and didn't before, I was unable to fix it or adjust my IP to fix it since IPCONFIG would just flash and go away even after adminastrator etc. F windows, even after I said F Linux.
a reply to: FarleyWayne
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
originally posted by: Azureblue
a reply to: FarleyWayne
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
OK, you don't trust Microsoft. Fine. What about the millions of people who can verify the vulnerability exists as stated, and who go through every patch with a fine-toothed comb? Do you not trust them either?
a reply to: FarleyWayne
Isn't that the way Microsoft works? their OS has always been crappy that is why vulnerability patches are always releases like band aids to keep their OS working without falling apart at the seams.
Nothing new just the same old same.
Isn't that the way Microsoft works? their OS has always been crappy that is why vulnerability patches are always releases like band aids to keep their OS working without falling apart at the seams.
Nothing new just the same old same.
new topics
-
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness: 3 hours ago -
President Biden is Touring Africa. Why?
Politicians & People: 7 hours ago -
CIA Whistleblower Kevin Shipp claims CIA was involved in MH370's disappearance
General Conspiracies: 7 hours ago -
US spent $151 BILLION on illegal immigration in 2023 alone: DOGE
US Political Madness: 8 hours ago -
Liven things up with some COMMUNITY!
General Chit Chat: 8 hours ago -
Russian Disinformation Campaign Claims Stalker 2 Is Used To Locate Ukraine War Conscripts
Mainstream News: 10 hours ago -
It's time to dissect the LAWFARE
Dissecting Disinformation: 11 hours ago
top topics
-
It's time to dissect the LAWFARE
Dissecting Disinformation: 11 hours ago, 11 flags -
South Korea declares martial law for first time in 50 years over North Korea threat
World War Three: 17 hours ago, 9 flags -
Happy Birthday OZZY
Music: 15 hours ago, 9 flags -
Liven things up with some COMMUNITY!
General Chit Chat: 8 hours ago, 8 flags -
Chinese national busted in LA sending weapons to NK
World War Three: 15 hours ago, 5 flags -
US spent $151 BILLION on illegal immigration in 2023 alone: DOGE
US Political Madness: 8 hours ago, 5 flags -
CIA Whistleblower Kevin Shipp claims CIA was involved in MH370's disappearance
General Conspiracies: 7 hours ago, 4 flags -
President Biden is Touring Africa. Why?
Politicians & People: 7 hours ago, 4 flags -
Russian Disinformation Campaign Claims Stalker 2 Is Used To Locate Ukraine War Conscripts
Mainstream News: 10 hours ago, 2 flags -
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness: 3 hours ago, 1 flags
active topics
-
Alien warfare predicted for December 3 2024
Aliens and UFOs • 65 • : bally001 -
Would Democrats Be in Better Shape if They Had Replaced Joe Biden with Kamala Harris in July 2024.
US Political Madness • 8 • : berbofthegreen -
Liven things up with some COMMUNITY!
General Chit Chat • 3 • : berbofthegreen -
Salvatore Pais confirms science in MH370 videos are real during live stream
General Conspiracies • 60 • : Arbitrageur -
President-Elect DONALD TRUMP's 2nd-Term Administration Takes Shape.
Political Ideology • 282 • : WeMustCare -
V.P. Kamala Harris releases a video and nobody understands why
US Political Madness • 105 • : 777Vader -
CIA Whistleblower Kevin Shipp claims CIA was involved in MH370's disappearance
General Conspiracies • 1 • : charlest2 -
President Biden is Touring Africa. Why?
Politicians & People • 8 • : BeyondKnowledge3 -
Statements of Intent from Incoming Trump Administration Members - 2025 to 2029.
2024 Elections • 22 • : nugget1 -
Australia passes social media ban for children under 16
Social Issues and Civil Unrest • 31 • : GENERAL EYES
7