Microsoft Re-Issues Security Bulletin MS12-078

Microsoft originally released security bulletin MS12-078 as part of its regular monthly patch bundle on Tuesday, December 11.   The bulletin, rated as Critical severity, addressed a flaw in the handling of TrueType or OpenType font files by kernel-mode drivers in Windows.  The bulletin included two patches, identified by Microsoft Knowledge Base numbers KB2753842 and KB2779030.

Microsoft has now re-issued Security Bulletin MS12-078, including an updated version of the KB2753842 patch.  According to Microsoft, the originally-issued patch does resolve the security vulnerability, but introduces some other problems with the handling of OpenType fonts.

Microsoft re-released this bulletin to address a known issue in the KB2753842 update related to OpenType Fonts (OTF) not properly rendering in applications after the original update was applied. Customers who have successfully installed the original KB2753842 update are protected from the vulnerability described in CVE-2012-2556. However, customers need to install the rereleased KB2753842 update to resolve the issue with improper OpenType font rendering and to keep the affected binaries up to date.

Download links for the patches are given in the updated Security Bulletin.  I do suggest that you apply the updated patch, even if you applied the original version; having old, slightly odd versions of system software hanging around is asking for trouble.

Comments are closed.

%d bloggers like this: