Microsoft issued an emergency update to fix a zero-day vulnerability that affects all supported versions of Windows and could allow attackers to remotely execute code.
The bug (CVE-2015-2426) is in the Microsoft OpenType Font Driver. Attackers could exploit it by tricking users into opening a specially crafted document or visiting an untrusted webpage that contains embedded OpenType fonts. Microsoft labeled this remote code execution vulnerability as critical.
“When this security bulletin was issued, Microsoft had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers. Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability,” the company said in its security bulletin.
Trend Micro has more technical details about the vulnerability, which they discovered in the leaked Hacking Team trove of data.
“The leaked documents stated that the memory corruption of atmfd.dll (an Adobe kernel module) would lead to privilege escalation on Windows 8.1 x64. This is a complete exploit which allows even an escape of the Chrome sandbox through a kernel bug; the proof-of-concept exploit code runs the Windows calculator calc.exe with system privileges under winlogon.exe,” Trend Micro researchers said.
Customers who don’t have automatic updates enabled should apply the update as soon as possible. Workarounds are also available.