Microsoft fixes faulty OpenType security patch

Summary:The company has re-released an important security patch, after the first iteration messed with OpenType rendering for some PowerPoint, Coreldraw and Quark Xpress users.

Microsoft has reissued a patch intended to fix a serious security flaw in implementations of the OpenType font, after the original version of the patch rendered the font unreadable for many users of PowerPoint and other applications.

The problematic patch came out as part of Patch Tuesday on 11 December, affecting users of PowerPoint, Quark Xpress and Coreldraw. It made it impossible for those programs to render OpenType characters at a size greater than 15pt.

On Thursday, Microsoft reissued the MS12-078 patch, which also fixed a flaw in implementations of the TrueType font.

"We have re-released security update MS12-078 to address an issue in certain fonts," Microsoft Trustworthy Computing 'response communications' manager Dustin Childs said in a statement.

"Customers who have enabled automatic updates will not need to take any action. For those who apply updates manually, we recommend deploying the updated package as soon as possible."

The security flaw that the patch fixes potentially allowed attackers to remotely execute code on the user's computer, through an infected web page or document.

Topics: Security, Microsoft

About

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.