Critical: Font Bug Affects All Versions of Windows

John Lister's picture

A bug in the way Windows handles fonts could leave computers open to a "drive-by attack" - as long as the machine is connected to the Internet. It's among the vulnerabilities fixed in the latest Windows security update. All versions of Windows are affected.

The bug involves the way Windows deals with embedded fonts. An embedded font means that the document includes the code for the font itself. It's generally used where a document or web page designer wants users to see a specific font that's not widely installed on computers.

The bug means an embedded font could be coded in a way that allows remote code execution, which is like striking gold for a hacker. As Microsoft explains, an attacker could get control of the computer and "install programs [including malware]; view, change, or delete data; or create new accounts with full user rights." (Source: microsoft.com)

In other words, a hacker could take full control of your PC and install ransomware, then demand you pay $1000 to get your data back (for example).

Booby-Trapped Sites Could Open Doors

All that's needed for the exploit to take place is for the computer to open a document with an embedded font. This could mean getting the user to visit a booby-trapped website and download a malicious document, or open a document attached to an email.

The one good piece of news is that Microsoft rates the bug as the second highest risk level, "Exploitation Less Likely." That's because it believes it has discovered the bug and issued a fix before hackers discovered the vulnerability and began taking advantage. It does, however, rate the bug as "critical," which refers to the potential damage if it is exploited.

Chrome Bug + Windows Bug = Big Trouble

Although the Windows update fixes 36 bugs in total, the embedded font exploit is currently being used in conjunction with a Chrome exploit that gives cyber criminals read and write access to a device, something that is normally not possible.

As reported by The Register, the Chrome bug allows hackers to automatically download a malicious document containing the embedded font exploit, then automatically launch the exploited document. From there, the machine will be under the full control of cyber criminals - all without the user doing anything. (Source: theregister.co.uk)

How to Stay Safe: Update Your Device

If you use Chrome, download the latest version immediately. This can be done by clicking the 3 vertical dots near the top, then Help -> About Google Chrome, and the update will download automatically.

To update Windows, do the following:

For Windows 10: click Start -> PC Settings (cog wheel) -> Update & Security -> Check for Updates. Download any updates that appear in the list (minus any feature updates).

For all other versions of Windows: Click Start, then type in "windows update" (no quotes); wait for Windows Update to appear, then check for updates and download any updates that appear in the list.

What's Your Opinion?

Would you be happy with embedded fonts being disabled by default? Should Microsoft and browser developers work together to spot possible cases of bugs being combined by attackers to create a bigger problem? Are you happy to rely on automatic security updates from software makers?


Comments

yrretnow_13027's picture

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\
Look for the entry named MitigationOptions. If it is not there, create a 64-bit QWORD entry and name it MitigationOptions.
There will already be a value for the QWORD entry we created; copy and paste the following values BEFORE the value, so that the existing value sits toward the end of the value we pasted.
For turning off untrusted fonts, enter 1000000000000. To run audit mode, enter 3000000000000. To turn it off, enter 2000000000000. For example, if there is a value of 1000 already in the QWORD we created, it should look like 30000000000001000.
Close the registry editor, save work in any other applications that might be open and reboot the computer.

Doesn't the above Font Bug fix void out the ASLR fix entry?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

Or how do I adjust for that problem?
Thanks for your advice on this.
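
The merge the comment above asks about, as an added example that is not part of the original article or comment: it reads the quoted hex: entry, changes only the two-bit font field in the first 64-bit value, and leaves every other byte as it was. It assumes the font values on the page are hexadecimal and that hex: data is stored lowest byte first; the function names are made up for this example.

```python
# Added example: set the font-blocking field of MitigationOptions without
# disturbing the bits that are already set.
# Assumptions: the values quoted on the page are hexadecimal, and .reg "hex:"
# data is little-endian (lowest byte first).

FONT_SHIFT = 48                    # 0x1000000000000 == 1 << 48
FONT_MASK = 0x3 << FONT_SHIFT      # two-bit field: 1 = block, 2 = off, 3 = audit
FONT_MODES = {"block": 0x1000000000000, "off": 0x2000000000000,
              "audit": 0x3000000000000}


def parse_reg_hex(line: str) -> bytes:
    """Parse the data of a .reg line such as '"Name"=hex:00,01,...'."""
    _, _, data = line.partition("=hex:")
    if not data:
        raise ValueError("not a hex: (binary) value")
    return bytes(int(b, 16) for b in data.strip().split(","))


def set_font_mode(raw: bytes, mode: str) -> bytes:
    """Return raw with only the font field of the first QWORD changed."""
    raw = raw.ljust(8, b"\x00")    # shorter values are zero-extended
    first = int.from_bytes(raw[:8], "little")
    first = (first & ~FONT_MASK) | FONT_MODES[mode]
    return first.to_bytes(8, "little") + raw[8:]


def format_reg_hex(name: str, raw: bytes) -> str:
    """Render bytes back into .reg 'hex:' syntax."""
    return '"%s"=hex:%s' % (name, ",".join("%02x" % b for b in raw))


def describe(raw: bytes) -> dict:
    """Report the first QWORD and the current value of the font field."""
    first = int.from_bytes(raw[:8], "little")
    return {"qword": hex(first), "font_field": (first & FONT_MASK) >> FONT_SHIFT}


if __name__ == "__main__":
    # The existing entry quoted in the comment above.
    existing = ('"MitigationOptions"=hex:00,01,01,00,00,00,00,00,'
                '00,00,00,00,00,00,00,00')
    raw = parse_reg_hex(existing)
    print(describe(raw))                    # existing bits, font field unset
    merged = set_font_mode(raw, "audit")    # audit mode, as in the comment
    print(describe(merged))                 # existing bits kept, field = 3
    print(format_reg_hex("MitigationOptions", merged))
```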