Microsoft fixes faulty OpenType security patch

The company has re-released an important security patch, after the first iteration messed with OpenType rendering for some PowerPoint, Coreldraw and Quark Xpress users.

Microsoft has reissued a patch intended to fix a serious security flaw in implementations of the OpenType font, after the original version of the patch rendered the font unreadable for many users of PowerPoint and other applications.

The problematic patch came out as part of Patch Tuesday on 11 December, affecting users of PowerPoint, Quark Xpress and Coreldraw. It made it impossible for those programs to render OpenType characters at a size greater than 15pt.

On Thursday, Microsoft reissued the MS12-078 patch, which also fixed a flaw in implementations of the TrueType font.

"We have re-released security update MS12-078 to address an issue in certain fonts," Microsoft Trustworthy Computing 'response communications' manager Dustin Childs said in a statement.

"Customers who have enabled automatic updates will not need to take any action. For those who apply updates manually, we recommend deploying the updated package as soon as possible."

The security flaw that the patch fixes potentially allowed attackers to remotely execute code on the user's computer, through an infected web page or document.

Show Comments