Microsoft fixes faulty OpenType security patch
Summary: The company has re-released an important security patch, after the first iteration messed with OpenType rendering for some PowerPoint, Coreldraw and Quark Xpress users.
Microsoft has reissued a patch intended to fix a serious security flaw in implementations of the OpenType font, after the original version of the patch rendered the font unreadable for many users of PowerPoint and other applications.
The problematic patch came out as part of Patch Tuesday on 11 December, affecting users of PowerPoint, Quark Xpress and Coreldraw. It made it impossible for those programs to render OpenType characters at a size greater than 15pt.
On Thursday, Microsoft reissued the MS12-078 patch, which also fixed a flaw in implementations of the TrueType font.
"We have re-released security update MS12-078 to address an issue in certain fonts," Microsoft Trustworthy Computing 'response communications' manager Dustin Childs said in a statement.
"Customers who have enabled automatic updates will not need to take any action. For those who apply updates manually, we recommend deploying the updated package as soon as possible."
The security flaw that the patch fixes potentially allowed attackers to remotely execute code on the user's computer, through an infected web page or document.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
who has the time...??
Those in security industry
Even anti-virus vendors have the capability to discover this vulnerabilities and exploit them secretly. Not just them, there are state sponsored researchers like the ones who developed the powerful Stuxnet worm which surprised everybody with undisclosed holes and privilege escalation tricks unknown to everybody.
Mystery Solved