Microsoft Releases Emergency Patch For Font Driver Vulnerability

[Guest]

Microsoft deployed an emergency security update for all currently supported versions of the Windows operating system, resolving a vulnerability that could allow remote code execution when users view content that contains embedded OpenType fonts.

Microsoft Releases Emergency Patch For Font Driver Vulnerability : Read more

 

[jimmysmitty]

If it was tied to Adobe and Flash then it is possibly a newer exploit that was just found due to the issues Flash present. There is no way of knowing how long it has been around but since Vista means it is due to the newer way that the front end and back end are handled compared to the older XP and lower design.

I think it was probably always there but the Flash issue is what made it possible which is why the sooner Flash goes bye bye the better off we are. And Java.

 

[rantoc]

If i were to look for an exploit it would be in any product who starts with Adobe, they don't seem to care about security at all by judging on the sheer number of exploits related to their products especially flash that looks to be the holy grail for anyone who wants to do anything malicious - It needs to die!

 

[red77star]

Someone wants Adobe out of business so suddenly all this BS. is showing up. I have seen same BS patter in other area of life.

 

[red77star]

A goal of these spectacular BS security discoveries is to shape up a public opinion and media and build negative attitude toward target subject, namely Adobe. Once that is achieved and millions of brainwashed people are told what to think or feel...it is like chain reaction.

 

[jimmysmitty]

Someone wants Adobe out of business so suddenly all this BS. is showing up. I have seen same BS patter in other area of life.

Adobe is doing it to themselves. Their products have massive exploits and are some of the reasons for some of the latest viruses. That and Java. I would rank them both the top reasons for viruses are due to exploits in their software that open holes into the OS.

 

[red77star]

It tells me that OS itself is crappy coded.

 

[jimmysmitty]

It tells me that OS itself is crappy coded.

Even a more secure OS can be screwed up by software. It is why Microsoft moved to APIs to stop games from crashing the entire OS when it freaked the GPU driver out.

And of course no OS is perfect, not even Linux is 100% bullet proof.

But considering that not only has Microsoft had issues with Flash in IE or Windows but also Mozilla Firefox, they killed it from running until it was patched recently, and even Chrome, they update Flash themselves instead of relying on Adobe, that says that it is more Adobe that is causing the issues than Microsoft.

Of course it is sort of pointless trying to show you this as you seem to have a spite for Microsoft for doing some sort of physical or emotional harm to you.

 

[Alec Mowat]

It the time it takes to deploy this critical update to all servers and workstations, you could simply run a script to uninstall Flash. Unless you need it for line of business software, you shouldn't be using flash player in a work place.

 

[ravewulf]

"Whoever said words would never hurt us lied."
+1

 

[gangrel]

And it's not like Flash-bashing is something new.

Chrome and iOS don't touch Flash now. This puts them at a competitive DISadvantage relative to other Flash-using environments. They will lose some of their users because of that. If you think of it in that way, it's not bashing just to bash. One can argue that with Google's general attempt to squash NPAPI is somewhat self-serving, in that the alternative is something they control to a much greater degree...but Mozilla is pushing for the same changes, so this argument is gutted IMO.

 

[jimmysmitty]

And it's not like Flash-bashing is something new.

Chrome and iOS don't touch Flash now. This puts them at a competitive DISadvantage relative to other Flash-using environments. They will lose some of their users because of that. If you think of it in that way, it's not bashing just to bash. One can argue that with Google's general attempt to squash NPAPI is somewhat self-serving, in that the alternative is something they control to a much greater degree...but Mozilla is pushing for the same changes, so this argument is gutted IMO.

Neither does Android. Stopped flash in version 4.x. And if I remember Windows Phone also doesn't support flash.

 

[Tiffany Monyata]

There is no way of knowing how long it has been around but since Vista means it is due to the newer way that the front end and back end are handled compared to the older XP and lower design.

.

There is no knowing if this applies to earlier Operating System versions as they are no longer supported. Microsoft does not need to disclose this information nor would they.

 

[turkey3_scratch]

Someone wants Adobe out of business so suddenly all this BS. is showing up. I have seen same BS patter in other area of life.

Adobe is doing it to themselves. Their products have massive exploits and are some of the reasons for some of the latest viruses. That and Java. I would rank them both the top reasons for viruses are due to exploits in their software that open holes into the OS.

I program myself some for a hobby and will not even bother learning Flash or Java because let's face it, they're as dead as sitcoms.

 

[gangrel]

Java's not dead. Java, for use in web apps, MIGHT be dead...but even that's not clear to me at this point.

 

[kewlguy239]

Pretty sure Flash was only mentioned in the article for reference. The problem was in the Windows Adobe Type Manager Library, which is a Windows component, having nothing to do with Flash. Nor do I think mentioning Flash automatically makes this flaming anti-Adobe propaganda. They would have titled the article "Adobe Fails Again: Countdown to Chapter 11" or something along those lines (if not something more dramatic) if the goal was to spread that kind of rhetoric. Adobe isn't even mentioned in the title. Adobe is guilty by association, but it doesn't appear the actual bug had anything to do with Flash.

 

[Kewlx25]

This bug affects ANY software that renders fonts in Windows. Nothing to do with Adobe.

 

[jimmysmitty]

Pretty sure Flash was only mentioned in the article for reference. The problem was in the Windows Adobe Type Manager Library, which is a Windows component, having nothing to do with Flash. Nor do I think mentioning Flash automatically makes this flaming anti-Adobe propaganda. They would have titled the article "Adobe Fails Again: Countdown to Chapter 11" or something along those lines (if not something more dramatic) if the goal was to spread that kind of rhetoric. Adobe isn't even mentioned in the title. Adobe is guilty by association, but it doesn't appear the actual bug had anything to do with Flash.

That is why I said if, not that it was.

It doesn't remove the fact that most programs from Adobe are bug ridden and horrid these days and the sooner we can stop using them the better off we will be.

Most exploits/bugs come from software that are coded in a sloppy manner trying to make shortcuts that then open holes in the OS.

Again there is a good reason why programs like Flash are being abandoned.

 

[knowom]

8 years or greater if it also affects older unsupported OSes of a font exploit nice job Microsoft job well done you earn a gold star from Adobe and Java. Sorry I honestly just don't know which is worse Java, Adobe, or Microsoft in terms of security. Where is Facebook calling for Microsoft to die a quick and painful death like Adobe however are they not equally guilty of heinous security crimes?