
====================================================================

                             CERT-Renater

                  Information Note No. 2016/VULN105
_____________________________________________________________________

DATE                : 10/03/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows versions Vista, 7, 8.1, 10, Server 2008,
                     Server 2012.

======================================================================
KB3143148
https://technet.microsoft.com/en-us/library/security/MS16-026
_____________________________________________________________________

Microsoft Security Bulletin MS16-026: Security Update for Graphic Fonts
to Address Remote Code Execution (3143148)

Bulletin Number: MS16-026

Bulletin Title: Security Update for Graphic Fonts to Address Remote
Code Execution

Severity: Critical

KB Article: 3143148

Version: 1.0

Published Date: March 8, 2016


Executive Summary

This security update resolves vulnerabilities in Microsoft Windows.
The more severe of the vulnerabilities could allow remote code
execution if an attacker convinces a user either to open a specially
crafted document or to visit a webpage that contains specially crafted
embedded OpenType fonts.

This security update is rated Critical for all supported editions of
Windows.


Affected Software

Windows Vista Service Pack 2 (3140735)

Windows Vista x64 Edition Service Pack 2 (3140735)

Windows Server 2008 for 32-bit Systems Service Pack 2 (3140735)

Windows Server 2008 for x64-based Systems Service Pack 2 (3140735)

Windows Server 2008 for Itanium-based Systems Service Pack 2 (3140735)

Windows 7 for 32-bit Systems Service Pack 1 (3140735)

Windows 7 for x64-based Systems Service Pack 1 (3140735)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3140735)

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3140735)

Windows 8.1 for 32-bit Systems (3140735)

Windows 8.1 for x64-based Systems (3140735)

Windows Server 2012 (3140735)

Windows Server 2012 R2 (3140735)

Windows RT 8.1[1] (3140735)

Windows 10 for 32-bit Systems[2] (3140745)

Windows 10 for x64-based Systems[2] (3140745)

Windows 10 Version 1511 for 32-bit Systems[2] (3140768)

Windows 10 Version 1511 for x64-based Systems[2] (3140768)

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation) (3140735)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation) (3140735)

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (3140735)

Windows Server 2012 (Server Core installation) (3140735)

Windows Server 2012 R2 (Server Core installation) (3140735)

[1] This update is only available via Windows Update.

[2] Windows 10 updates are cumulative. In addition to containing
non-security updates, they also contain all of the security fixes for
all of the Windows 10-affected vulnerabilities shipping with the
monthly security release. The update is available via the Windows
Update Catalog.
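
To check a host against the list above, the following added example (not
part of the bulletin) maps the running Windows version to the KB number
given for it and queries Get-HotFix. It assumes Windows PowerShell 2.0
to 5.1; the function names and the Windows 10 build numbers 10240 and
10586 are supplied here and do not appear in the bulletin.

```powershell
# Added example, not from the bulletin. KB numbers come from the
# "Affected Software" list; build numbers 10240 (Windows 10 RTM) and
# 10586 (Version 1511) are supplied here and are not on the page.
function Get-MS16026RequiredKB {
    param(
        [Parameter(Mandatory = $true)][version]$OSVersion,
        [Parameter(Mandatory = $true)][int]$ProductType   # 1 = workstation
    )
    if ($OSVersion.Major -eq 6 -and $OSVersion.Minor -le 3) {
        # 6.2 client is Windows 8, which the bulletin does not list;
        # 6.2 server is Windows Server 2012, which it does.
        if ($OSVersion.Minor -eq 2 -and $ProductType -eq 1) { return $null }
        return 'KB3140735'
    }
    if ($OSVersion.Major -eq 10 -and $OSVersion.Build -eq 10240) { return 'KB3140745' }
    if ($OSVersion.Major -eq 10 -and $OSVersion.Build -eq 10586) { return 'KB3140768' }
    return $null   # version not in the bulletin's affected list
}

function Test-MS16026 {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $kb = Get-MS16026RequiredKB -OSVersion ([version]$os.Version) -ProductType $os.ProductType
    $status = 'NotListedInBulletin'
    if ($kb) {
        # Get-HotFix raises an error when the ID is absent, so silence it
        # and treat an empty result as "this KB is not recorded".
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        if ($hit) { $status = 'Installed' } else { $status = 'KBNotFound' }
    }
    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        OSVersion  = $os.Version
        RequiredKB = $kb
        Status     = $status
    }
}

# 'KBNotFound' means only that this specific KB is not recorded. Windows 10
# updates are cumulative, so a later cumulative update can carry the fix
# without this KB number appearing; confirm against the update history.
Test-MS16026 | Format-List
```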


Vulnerability Information

OpenType Font Parsing Vulnerability - CVE-2016-0120

A denial of service vulnerability exists in Microsoft Windows when the
Windows Adobe Type Manager Library improperly handles specially crafted
OpenType fonts. For all systems except Windows 10, an attacker who
successfully exploited the vulnerability could cause a denial of
service condition. For systems running Windows 10, an attacker who
successfully exploited the vulnerability could potentially cause the
application, rather than the system, to stop responding.

There are multiple ways an attacker could exploit the vulnerability,
such as by either convincing a user to open a specially crafted
document, or by convincing a user to visit a webpage that contains
specially crafted embedded OpenType fonts. The update addresses the
vulnerability by correcting how the Windows Adobe Type Manager Library
handles OpenType fonts.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                   CVE number      Publicly disclosed   Exploited

OpenType Font Parsing Vulnerability   CVE-2016-0120   No                   No


OpenType Font Parsing Vulnerability - CVE-2016-0121

A remote code execution vulnerability exists in Microsoft Windows when
the Windows Adobe Type Manager Library improperly handles specially
crafted fonts. For all systems except Windows 10, an attacker who
successfully exploited the vulnerability could execute code remotely.
For systems running Windows 10, an attacker who successfully exploited
the vulnerability could execute code in an AppContainer sandbox context
with limited privileges and capabilities. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights.

There are multiple ways an attacker could exploit the vulnerability,
such as by either convincing a user to open a specially crafted
document, or by convincing a user to visit a webpage that contains
specially crafted embedded OpenType fonts. The update addresses the
vulnerability by correcting how the Windows Adobe Type Manager Library
handles OpenType fonts.

The following table contains links to the standard entry for each
vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability title                   CVE number      Publicly disclosed   Exploited

OpenType Font Parsing Vulnerability   CVE-2016-0121   No                   No


==========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



