In association with heise online

18 December 2012, 13:10

Security update for Windows lets fonts disappear

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft Secuity icon One of the updates from the this month's Patch Tuesday is showing some unwanted side effects; after installing it, some programs are no longer able to show some OpenType fonts. The MS12-078 patch from 11 December closed a hole in the font rendering of Windows when faced with embedded TrueType or OpenType fonts in a web page. It was possible that specially crafted fonts in web pages or documents could play host to malicious code which would be executed when the pages or documents were displayed.

Unfortunately, this patch seems to prevent the correct display of PostScript Type 1 fonts and OpenType fonts. They disappear completely in a variety of applications – CorelDraw, QuarkExpress and PowerPoint – and currently the only way to make them visible again is to remove the patches, at the expense of the security of the system.

Complaints about the problem have also been turning up on Microsoft's community support site and Microsoft say they are aware of the problem and are planning on fixing the issue soon. Removing the patch is not recommended as the vulnerability is highly exploitable and as the details of the vulnerability are now in the public domain, it could always be incorporated into one of the more common exploit kits to mass-infect systems.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit