It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Microsoft Releases Emergency Patch ... All Versions
page: 17
share:
ZDNet: Microsoft Releases Emergency Patch
Microsoft releases emergency patch for all versions of Windows
The flaw, which also affects Windows 10, allows a hacker to take over a machine.
...
The software giant said in an advisory Monday that the vulnerability, if exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory added.
for all versions of Windows
-
Fonts Are Remotely Exploitable
Proprietary software is so bad that even fonts are a huge risk. This isn’t the first such incident.
It serves also as a reminder for GNU/Linux users because some users continues to install proprietary software from Adobe, despite Free/libre alternatives being equally potent.
-
Observable Keywords:
Attacker ... Vulnerability ... Exploited ???
( or words to use when describing an ... ai-victim ? )
.
edit on 21-7-2015 by FarleyWayne because: (no reason given)
I have no idea what you're on about with your "keywords" or what an "ai-victim" is, but this sounds like a typical security patch...
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
originally posted by: notmyrealname
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Lol Thats why Linux is way better.
Though scary when it makes headlines, these things are discovered all the time, and all over the ace (web browsers, phones, software, etc).
It's a good thing that people dedicate their profession to finding these holes and vulnerable areas.
This is a perfect example of a true hacker by the way.
It's a good thing that people dedicate their profession to finding these holes and vulnerable areas.
This is a perfect example of a true hacker by the way.
automatic updates are my friend....get them all the time....but, you know....that's how we stupid people that are called "sheeple"...respond to these
type of attacks....
First I have heard of dangerous fonts, have heard of some image files doing some pretty nasty things at times as well. Do need to use some care when
travelling the internet.
a reply to: FarleyWayne
This concerns the OpenType fonts implemented by Adobe but other font technologies have vulnerabilities.
The true-type font rendering engine has been vulnerable since its implementation. This is because the fonts themselves are able to carry code.
When you scale a TT font close to the pixel limit of the display, you can no longer simply reduce the outline, but must cut slivers from the font to reduce it down and retain readability.
The issue arises from determining which slivers of pixels are important and which are perceptually inconsequential. The designer of the font is supposed to put in code which determines what to loose, based upon the aesthetics of human perception. The font definition contains space in which to place that code.
The code need not even be rendering related, anything can be placed there and the standard mechanisms for forcing execution of embedded code be used.
This would not be an issue except that fonts may legitimately be embedded into a document (to ensure the portability of the document and that it appears the same in all circumstances), this then provides a mechanism for propagating that code.
In the '70's I wrote a demo program that used ASCII character coding via ANSI.SYS (part of DOS) to call the DEBUG program, compile its own code and execute it. This was to demonstrate how benign appearing carriers can be co-opted to introduce malicious code. (Fortunately, back then, exploits weren't broadcast over the web for script kiddies to use).
This concerns the OpenType fonts implemented by Adobe but other font technologies have vulnerabilities.
The true-type font rendering engine has been vulnerable since its implementation. This is because the fonts themselves are able to carry code.
When you scale a TT font close to the pixel limit of the display, you can no longer simply reduce the outline, but must cut slivers from the font to reduce it down and retain readability.
The issue arises from determining which slivers of pixels are important and which are perceptually inconsequential. The designer of the font is supposed to put in code which determines what to loose, based upon the aesthetics of human perception. The font definition contains space in which to place that code.
The code need not even be rendering related, anything can be placed there and the standard mechanisms for forcing execution of embedded code be used.
This would not be an issue except that fonts may legitimately be embedded into a document (to ensure the portability of the document and that it appears the same in all circumstances), this then provides a mechanism for propagating that code.
In the '70's I wrote a demo program that used ASCII character coding via ANSI.SYS (part of DOS) to call the DEBUG program, compile its own code and execute it. This was to demonstrate how benign appearing carriers can be co-opted to introduce malicious code. (Fortunately, back then, exploits weren't broadcast over the web for script kiddies to use).
originally posted by: PrimeAutobot
originally posted by: notmyrealname
MICROSOFT RELEASES A PATCH!!!
Stop the presses…. Tell me it isn't so….
You mean Windows is not secure?!
Lol Thats why Linux is way better.
Linux uses OpenType and TrueType fonts and is therefore vulnerable.
a reply to: FarleyWayne
I really have no idea what this topic is about, and yes I have read it. I still use Windows 7 ad my comp is 6-7 years old. I have had the white flag of uprgarde death for several months on my toolbar warning me that I should uprage to 10 when it comes out. But a strange thing happened to me today that hasn't happned ever. I was unable to connect to the Net, whereas other devices were able to in my house, just not my laptop. I know how to get around such things and the protocol to take, but it was my comp and not my router or wireless, I could not do IPCONFIG or anything, it would not open.
I ran multiple scans and security tests and there was nothing, it just came back saying my IP was fraudulent, and yet I dismissed all firewalls and security and such. after 6 restarts and 5 hours of brainstorming it suddenly worked. I was about to do a full system restore as a last cause and spent an hour backing up what I havent for the last 2 months, but it finally worked, And I have no answer to why it did. The strangest computer problem that just happened to fix itself over time, it doesnt make sense. Even my screen went out saying I didn't have the driver to operate my screen at first. After restart and troubleshooting it kept coming back that my IP would not work for my router or connection.
At least after several hours of cleaning up my comp it runs faster but it doesn't explain why all of a sudden the internet just connects no and didn't before, I was unable to fix it or adjust my IP to fix it since IPCONFIG would just flash and go away even after adminastrator etc. F windows, even after I said F Linux.
I really have no idea what this topic is about, and yes I have read it. I still use Windows 7 ad my comp is 6-7 years old. I have had the white flag of uprgarde death for several months on my toolbar warning me that I should uprage to 10 when it comes out. But a strange thing happened to me today that hasn't happned ever. I was unable to connect to the Net, whereas other devices were able to in my house, just not my laptop. I know how to get around such things and the protocol to take, but it was my comp and not my router or wireless, I could not do IPCONFIG or anything, it would not open.
I ran multiple scans and security tests and there was nothing, it just came back saying my IP was fraudulent, and yet I dismissed all firewalls and security and such. after 6 restarts and 5 hours of brainstorming it suddenly worked. I was about to do a full system restore as a last cause and spent an hour backing up what I havent for the last 2 months, but it finally worked, And I have no answer to why it did. The strangest computer problem that just happened to fix itself over time, it doesnt make sense. Even my screen went out saying I didn't have the driver to operate my screen at first. After restart and troubleshooting it kept coming back that my IP would not work for my router or connection.
At least after several hours of cleaning up my comp it runs faster but it doesn't explain why all of a sudden the internet just connects no and didn't before, I was unable to fix it or adjust my IP to fix it since IPCONFIG would just flash and go away even after adminastrator etc. F windows, even after I said F Linux.
a reply to: FarleyWayne
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
originally posted by: Azureblue
a reply to: FarleyWayne
I would suggest the actual is opposite to the claimed.
I don't trust Microsoft at all. No company, no matter how big is able to resist the power of the American industrial military complex, or the regulatory, financial, diplomatic and influential power of the American govt.
OK, you don't trust Microsoft. Fine. What about the millions of people who can verify the vulnerability exists as stated, and who go through every patch with a fine-toothed comb? Do you not trust them either?
a reply to: FarleyWayne
Isn't that the way Microsoft works? their OS has always been crappy that is why vulnerability patches are always releases like band aids to keep their OS working without falling apart at the seams.
Nothing new just the same old same.
Isn't that the way Microsoft works? their OS has always been crappy that is why vulnerability patches are always releases like band aids to keep their OS working without falling apart at the seams.
Nothing new just the same old same.
new topics
-
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago -
Hurt my hip; should I go see a Doctor
General Chit Chat: 2 hours ago -
Israel attacking Iran again.
Middle East Issues: 3 hours ago -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago -
When an Angel gets his or her wings
Religion, Faith, And Theology: 4 hours ago -
Comparing the theology of Paul and Hebrews
Religion, Faith, And Theology: 4 hours ago -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 5 hours ago -
Boston Dynamics say Farewell to Atlas
Science & Technology: 6 hours ago -
I hate dreaming
Rant: 6 hours ago -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago
top topics
-
The Democrats Take Control the House - Look what happened while you were sleeping
US Political Madness: 9 hours ago, 18 flags -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News: 11 hours ago, 16 flags -
A man of the people
Medical Issues & Conspiracies: 16 hours ago, 11 flags -
Biden says little kids flip him the bird all the time.
Politicians & People: 8 hours ago, 9 flags -
Man sets himself on fire outside Donald Trump trial
Mainstream News: 8 hours ago, 8 flags -
Pentagon acknowledges secret UFO project, the Kona Blue program | Vargas Reports
Aliens and UFOs: 5 hours ago, 6 flags -
Israel attacking Iran again.
Middle East Issues: 3 hours ago, 5 flags -
Michigan school district cancels lesson on gender identity and pronouns after backlash
Education and Media: 3 hours ago, 5 flags -
Boston Dynamics say Farewell to Atlas
Science & Technology: 6 hours ago, 4 flags -
WF Killer Patents & Secret Science Vol. 1 | Free Energy & Anti-Gravity Cover-Ups
General Conspiracies: 1 hours ago, 4 flags
active topics
-
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 404 • : Zanti Misfit -
When an Angel gets his or her wings
Religion, Faith, And Theology • 4 • : randomuser2034 -
Man sets himself on fire outside Donald Trump trial
Mainstream News • 34 • : WeMustCare -
In an Historic First, In N Out Burger Permanently Closes a Location
Mainstream News • 10 • : Degradation33 -
SC Jack Smith is Using Subterfuge Tricks with Donald Trumps Upcoming Documents Trial.
Dissecting Disinformation • 100 • : WeMustCare -
Israel attacking Iran again.
Middle East Issues • 23 • : KrustyKrab -
So I saw about 30 UFOs in formation last night.
Aliens and UFOs • 37 • : charlyv -
Hurt my hip; should I go see a Doctor
General Chit Chat • 11 • : TheLieWeLive -
Sheetz facing racial discrimination lawsuit for considering criminal history in hiring
Social Issues and Civil Unrest • 7 • : Caver78 -
Silent Moments --In Memory of Beloved Member TDDA
Short Stories • 48 • : Encia22
7