Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (MS15-128)

ITS Advisory Number: 
2015-147
Date(s) Issued: 
Tuesday, December 8, 2015
Subject: 
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (MS15-128)
Overview: 

Vulnerabilities have been identified within a Microsoft Graphics component that affects Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. Microsoft Windows is a family of operating systems. Microsoft Office is a suite of applications, servers and services for both Microsoft Windows and OS X. Skype is an application that specializes in providing video chat and voice calls. Microsoft Lync is an instant messaging client that replaced Windows Messenger and Silverlight is application framework for writing and running rich Internet applications. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Microsoft Windows Server 2008, Server 2008 R2
  • Microsoft Windows Server 2012, Server 2012 R2
  • Microsoft Windows Vista SP2
  • Microsoft Windows 7
  • Microsoft Windows 8 and 8.1
  • Microsoft Windows 10
  • Windows RT and Windows RT 8.1
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Skype for Business 2016
  • Microsoft Lync 2013
  • Microsoft Lync 2010
RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
High
Description: 

Multiple remote code execution vulnerabilities exist when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerabilities, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded fonts. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Actions: 
  • After appropriate testing, apply appropriate patches provided by Microsoft to vulnerable systems.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.