Critical: Font Bug Affects All Versions of Windows
A bug in the way Windows handles fonts could leave computers open to a "drive-by attack" - as long as the machine is connected to the Internet. It's among the vulnerabilities fixed in the latest Windows security update. All versions of Windows are affected.
The bug involves the way Windows deals with embedded fonts. An embedded font means that the document includes the code for the font itself. It's generally used where a document or web page designer wants users to see a specific font that's not widely installed on computers.
The bug means an embedded font could be coded in a way that allows remote code execution, which is like striking gold for a hacker. As Microsoft explains, an attacker could get control of the computer and "install programs [including malware]; view, change, or delete data; or create new accounts with full user rights." (Source: microsoft.com)
In other words, a hacker could take full control of your PC and install ransomware, then demand you pay $1000 to get your data back (for example).
Booby-Trapped Sites Could Open Doors
All that's needed for the exploit to take place is for the computer to open a document with an embedded font. This could mean getting the user to visit a booby-trapped website and download a malicious document, or open a document attached to an email.
The one good piece of news is that Microsoft rates the bug as the second highest risk level, "Exploitation Less Likely." That's because it believes it has discovered the bug and issued a fix before hackers discovered the vulnerability and began taking advantage. It does however rate the bug as "critical" which refers to the potential damage if it is exploited.
Chrome Bug + Windows Bug = Big Trouble
Although the Windows update fixes 36 bugs in total, the embedded font exploit is currently being used in conjunction with a Chrome exploit that allows cyber criminals read and write access to a device which is normally not possible.
As reported by The Register, the Chrome bug allows hackers to automatically download a malicious document containing the embedded font exploit, then automatically launch the exploited document. From there, the machine will be in full control of cyber criminals - all without the user doing anything. (Source: theregister.co.uk)
How to Stay Safe: Update Your Device
If you use Chrome, download the latest version immediately. This can be done by clicking the 3 vertical dots near the top, then Help -> About Google Chrome, and the update will download automatically.
To update Windows, do the following:
For Windows 10: click Start -> PC Settings (cog wheel) -> Update & Security -> Check for Updates (for Windows 10). Download any updates that appear in the list (minus any feature updates).
For all other versions of Windows: Click Start, then type in "windows update" (no quotes); wait for Windows Update to appear, then check for updates and download any updates that appear in the list.
What's Your Opinion?
Would you be happy with embedded fonts being disabled by default? Should Microsoft and browser developers work together to spot possible cases of bugs being combined by attackers to create a bigger problem? Are you happy to rely on automatic security updates from software makers?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Font Bug fix question
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\
Look for the entry named MitigationOptions. If it is not there, create a QWORD entry of 64 bit and name it MitigationOptions
There will already be a value for the QWORD entry we created; copy paste the following values to BEFORE the value so that the value is there in towards the end of value we pasted.
For turning off untrusted fonts, enter 1000000000000. To run audit mode, enter 3000000000000. To turn it off, enter 2000000000000. For example, if there is a value of 1000 already in the QWORD we created, it should look 30000000000001000
Close the registry editor, save work in any other applications that might be open and reboot the computer.
Dosen"t the above Font Bug fix void out the ALSR fix entry?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00
or how to I adjust for that problem?
Thanks for your advice on this.