Microsoft fixes faulty OpenType security patch

Summary: The company has re-released an important security patch, after the first iteration messed with OpenType rendering for some PowerPoint, CorelDRAW and QuarkXPress users.

TOPICS: Security, Microsoft

Microsoft has reissued a patch intended to fix a serious security flaw in implementations of the OpenType font, after the original version of the patch rendered the font unreadable for many users of PowerPoint and other applications.

The problematic patch came out as part of Patch Tuesday on 11 December, affecting users of PowerPoint, QuarkXPress and CorelDRAW. It made it impossible for those programs to render OpenType characters at a size greater than 15pt.

On Thursday, Microsoft reissued the MS12-078 patch, which also fixed a flaw in implementations of the TrueType font.

"We have re-released security update MS12-078 to address an issue in certain fonts," Microsoft Trustworthy Computing 'response communications' manager Dustin Childs said in a statement.

"Customers who have enabled automatic updates will not need to take any action. For those who apply updates manually, we recommend deploying the updated package as soon as possible."

The security flaw that the patch fixes potentially allowed attackers to remotely execute code on the user's computer, through an infected web page or document.

David Meyer

About David Meyer

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't pay the bills. David's main focus is on communications, as well as internet technologies, regulation and mobile devices.

  • who has the time...??

    I mean really, who the heck has the time to sit around and think up these hacks? The type font? Good grief!
    • Those in security industry

      Most probably companies who are selling vulnerabilities and exploits, like the Vupen in France and Crysis labs in Hungary and many others.

      Even anti-virus vendors have the capability to discover these vulnerabilities and exploit them secretly. Not just them, there are state sponsored researchers like the ones who developed the powerful Stuxnet worm which surprised everybody with undisclosed holes and privilege escalation tricks unknown to everybody.
  • Mystery Solved

    So that explains the lone patch I got yesterday. Thanks.