A A Email Print Share

Microsoft Security Bulletin MS15-078

Today's Advisory: Microsoft Security Bulletin MS15-078 Release

----------------------------------------------------------------------------------

What is the purpose of this alert?

This alert is to provide you with an overview of one new security bulletin being released (outside of the normal update schedule) on July 20, 2015, to address a new vulnerability affecting Windows.

Today Microsoft released an out-of-band security update to address an issue affecting Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

For an attack to be successful, an attacker would have to convince the user to take an unsafe action, such as opening a malicious document or visiting a malicious webpage. The attacker would have no way to force the user to take the unsafe action.

The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible.

CTS recommends the following actions:

  1. Do not open any suspicious links or documents coming from untrusted sources.
  2. If you are using a personal (i.e. non-Duquesne-owned) machine, please run Windows Updates as soon as possible to protect yourself against this vulnerability. If Windows Updates are set to automatically run, let them run and then reboot your machine.
  3. If you are using a Duquesne-owned machine, the Windows Update will be deployed by CTS. When Windows Updates prompts to run, please allow it to run and then reboot your machine.

More information on this issue can also be found in Microsoft's knowledge base, listed here: https://support.microsoft.com/en-us/kb/3079904

If you have any questions, please contact the CTS Help Desk at 412-396-4367 or by emailing help@duq.edu