Security Update for Microsoft Uniscribe to Address Remote Code Execution (MS15-130)

ITS Advisory Number: 2015-149
Date(s) Issued: Tuesday, December 8, 2015
Subject: Security Update for Microsoft Uniscribe to Address Remote Code Execution (MS15-130)
Overview:

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts. The security update addresses the vulnerability by correcting how Windows parses fonts.

Systems Affected: 
  • Windows 7 (All supported editions)
  • Windows Server 2008 R2
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
HOME USERS
  • Home users: High
Description: 

Windows Integer Underflow Vulnerability - CVE-2015-6130

A remote code execution vulnerability exists when Windows Uniscribe improperly parses specially crafted fonts. An attacker who successfully exploits the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage that contains embedded fonts. The security update addresses the vulnerability by correcting how Windows parses fonts.

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
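A defender-side compliance check for the actions above, written as an added PowerShell example that is not part of the ITS advisory. It assumes a placeholder KB identifier (the advisory does not list the KB number of the MS15-130 update), that Uniscribe's library is usp10.dll under System32, and that the script is run on one of the affected Windows 7 / Windows Server 2008 R2 hosts with the stock PowerShell 2.0.

```powershell
# Added example (not part of the ITS advisory): report whether a host has the
# MS15-130 update installed and whether the current session is running elevated.
# Assumptions: $KbId is a placeholder to be replaced with the KB number from the
# Microsoft bulletin; Uniscribe lives in usp10.dll, but the patched file version
# is not stated on the advisory, so only the hotfix presence is treated as the
# compliance signal and the file version is reported for reference.

param(
    [string]$KbId = 'KB<placeholder>'   # replace with the MS15-130 KB number for this OS
)

function Test-HotfixInstalled {
    param([string]$Id)
    # Get-HotFix reads Win32_QuickFixEngineering, the same source as "Installed Updates".
    $hotfix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$hotfix
}

function Test-SessionElevated {
    # The "run as a non-privileged user" action: true if this session holds the
    # Administrators role, which is the condition the advisory asks users to avoid.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$os = (Get-WmiObject Win32_OperatingSystem).Caption

$uniscribePath = Join-Path $env:SystemRoot 'System32\usp10.dll'
$uniscribeVersion = 'not found'
if (Test-Path $uniscribePath) {
    $uniscribeVersion = (Get-Item $uniscribePath).VersionInfo.FileVersion
}

# One record per host; pipe to Export-Csv when collecting across a fleet.
New-Object PSObject -Property @{
    ComputerName     = $env:COMPUTERNAME
    OperatingSystem  = $os
    UniscribeVersion = $uniscribeVersion
    HotfixInstalled  = Test-HotfixInstalled -Id $KbId
    SessionElevated  = Test-SessionElevated
}
```

A host is compliant with the first and last actions when HotfixInstalled is True and SessionElevated is False for ordinary user sessions; the UniscribeVersion column lets an administrator confirm the file actually changed after the update once the bulletin's file version is known.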