Microsoft Security Bulletin MS15-044 - Critical

10/11/2017
20 minutes to read

Vulnerabilities in Microsoft Font Drivers Could Allow Remote Code Execution (3057110)

Published: May 12, 2015 | Updated: June 23, 2015

Version: 2.1

Executive Summary

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.

This security update is rated Critical for supported releases of Microsoft Windows and all affected editions of Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how the Windows DirectWrite library handles OpenType and TrueType fonts. For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3057110.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin’s release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the May bulletin summary.

Microsoft Windows

Operating System	Component	[OpenType Font Parsing Vulnerability - CVE-2015-1670](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1670)	[TrueType Font Parsing Vulnerability - CVE-2015-1671](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1671)	Updates Replaced
Windows Server 2003
[Windows Server 2003 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=19acf15d-e623-440a-9591-1c7d71d7a8c8) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2003 Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=1c2a8f89-16e1-4c60-86fc-99edba7e536b) (3048073)	Important Information Disclosure	Critical Remote Code Execution	2861189 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832411 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Server 2003 Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
[Windows Server 2003 x64 Edition Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=1377113d-6f56-458d-ab84-ba780cd6a3af) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2003 x64 Edition Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=1c2a8f89-16e1-4c60-86fc-99edba7e536b) (3048073)	Important Information Disclosure	Critical Remote Code Execution	2861189 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832411 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Server 2003 x64 Edition Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
[Windows Server 2003 with SP2 for Itanium-based Systems](https://www.microsoft.com/download/details.aspx?familyid=602c9586-689a-4bab-af57-c8b9bcd61640) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Vista
[Windows Vista Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=383cfa46-9a58-4ffe-a0a6-5c8f616c8bf8) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Vista Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=c593c875-0375-445d-8c2b-14e2194cf32a) (3048068)	Important Information Disclosure	Critical Remote Code Execution	2861190 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Vista Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
Windows Vista Service Pack 2	[Microsoft .NET Framework 4.5/4.5.1/4.5.2](https://www.microsoft.com/download/details.aspx?familyid=783e8794-5859-4c9e-9f8b-6a20c31d21af) (3048077)	Important Information Disclosure	Critical Remote Code Execution	None
[Windows Vista x64 Edition Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=c186dd76-e7d6-4bb8-b508-ee9fc1b640d3) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Vista x64 Edition Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=c593c875-0375-445d-8c2b-14e2194cf32a) (3048068)	Important Information Disclosure	Critical Remote Code Execution	2861190 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Vista x64 Edition Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
Windows Vista x64 Edition Service Pack 2	[Microsoft .NET Framework 4.5/4.5.1/4.5.2](https://www.microsoft.com/download/details.aspx?familyid=783e8794-5859-4c9e-9f8b-6a20c31d21af) (3048077)	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2008
[Windows Server 2008 for 32-bit Systems Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=6f2e390c-eeda-404d-acb3-f6c28b4616be) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2008 for 32-bit Systems Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=c593c875-0375-445d-8c2b-14e2194cf32a) (3048068)	Important Information Disclosure	Critical Remote Code Execution	2861190 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Server 2008 for 32-bit Systems Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
Windows Server 2008 for 32-bit Systems Service Pack 2	[Microsoft .NET Framework 4.5/4.5.1/4.5.2](https://www.microsoft.com/download/details.aspx?familyid=783e8794-5859-4c9e-9f8b-6a20c31d21af) (3048077)	Important Information Disclosure	Critical Remote Code Execution	None
[Windows Server 2008 for x64-based Systems Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=b10166db-a6af-4e9f-b6ea-dd0cfc3eb6e8) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2008 for x64-based Systems Service Pack 2	[Microsoft .NET Framework 3.0 Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=c593c875-0375-445d-8c2b-14e2194cf32a) (3048068)	Important Information Disclosure	Critical Remote Code Execution	2861190 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832412 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Server 2008 for x64-based Systems Service Pack 2	[Microsoft .NET Framework 4](https://www.microsoft.com/download/details.aspx?familyid=c75264eb-52fe-4ee8-8eb9-8beacb2b27ef)^[1] (3048074)	Important Information Disclosure	Critical Remote Code Execution	2656405 in [MS12-034](http://go.microsoft.com/fwlink/?linkid=251038)
Windows Server 2008 for x64-based Systems Service Pack 2	[Microsoft .NET Framework 4.5/4.5.1/4.5.2](https://www.microsoft.com/download/details.aspx?familyid=783e8794-5859-4c9e-9f8b-6a20c31d21af) (3048077)	Important Information Disclosure	Critical Remote Code Execution	None
[Windows Server 2008 for Itanium-based Systems Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=372aa8e3-d081-4fb6-bdc4-b3f2934833c5) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 7
[Windows 7 for 32-bit Systems Service Pack 1](https://www.microsoft.com/download/details.aspx?familyid=fd9345fb-394c-433a-921b-6ecb40dbc1d9) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 7 for 32-bit Systems Service Pack 1	[Microsoft .NET Framework 3.5.1](https://www.microsoft.com/download/details.aspx?familyid=3f1a9a62-6d5e-4d0f-a68b-2c028fd9b334) (3048070)	Important Information Disclosure	Critical Remote Code Execution	2861191 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832414 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows 7 for x64-based Systems Service Pack 1](https://www.microsoft.com/download/details.aspx?familyid=bfbbdba4-5528-4091-90f3-5bb0dce7d563) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 7 for x64-based Systems Service Pack 1	[Microsoft .NET Framework 3.5.1](https://www.microsoft.com/download/details.aspx?familyid=3f1a9a62-6d5e-4d0f-a68b-2c028fd9b334) (3048070)	Important Information Disclosure	Critical Remote Code Execution	2861191 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832414 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
Windows Server 2008 R2
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](https://www.microsoft.com/download/details.aspx?familyid=900ffc3d-0312-4119-9f3f-5403f8334fed) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2008 R2 for x64-based Systems Service Pack 1	[Microsoft .NET Framework 3.5.1](https://www.microsoft.com/download/details.aspx?familyid=3f1a9a62-6d5e-4d0f-a68b-2c028fd9b334) (3048070)	Important Information Disclosure	Critical Remote Code Execution	2861191 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832414 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows Server 2008 R2 for Itanium-based Systems Service Pack 1](https://www.microsoft.com/download/details.aspx?familyid=6d2fcc77-47b2-4a04-8ffe-3f2bd5d1524e) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 8 and Windows 8.1
[Windows 8 for 32-bit Systems](https://www.microsoft.com/download/details.aspx?familyid=c0d44cf8-ac1c-4d2d-882e-ef15432d3a6b) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 8 for 32-bit Systems	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=9742b4d1-494c-4a58-af69-f3b3f91e2d85) (3048071)	Important Information Disclosure	Critical Remote Code Execution	2861194 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows 8 for x64-based Systems](https://www.microsoft.com/download/details.aspx?familyid=266c9472-ad87-4fa9-9ae3-c53327f6b09f) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 8 for x64-based Systems	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=9742b4d1-494c-4a58-af69-f3b3f91e2d85) (3048071)	Important Information Disclosure	Critical Remote Code Execution	2861194 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows 8.1 for 32-bit Systems](https://www.microsoft.com/download/details.aspx?familyid=2e3d9b4e-c3cd-4724-9f5a-cbd69a4acdde) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 8.1 for 32-bit Systems	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=e246a4fe-feea-433f-90b4-64d6fa061e87) (3048072)	Important Information Disclosure	Critical Remote Code Execution	None
[Windows 8.1 for x64-based Systems](https://www.microsoft.com/download/details.aspx?familyid=3beb5391-b901-412b-9591-f57324cfb1fd) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows 8.1 for x64-based Systems	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=e246a4fe-feea-433f-90b4-64d6fa061e87) (3048072)	Important Information Disclosure	Critical Remote Code Execution	None
Windows Server 2012 and Windows Server 2012 R2
[Windows Server 2012](https://www.microsoft.com/download/details.aspx?familyid=f8662d6e-3836-48b4-a61c-09ccd58211fd) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2012	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=9742b4d1-494c-4a58-af69-f3b3f91e2d85) (3048071)	Important Information Disclosure	Critical Remote Code Execution	2861194 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows Server 2012 R2](https://www.microsoft.com/download/details.aspx?familyid=85c1fe77-ef0e-4f65-aa13-3bf8f29d29d1) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2012 R2	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=e246a4fe-feea-433f-90b4-64d6fa061e87) (3048072)	Important Information Disclosure	Critical Remote Code Execution	None
Windows RT and Windows RT 8.1
Windows RT^[2] (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows RT 8.1^[2] (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Server Core installation option
[Windows Server 2008 for 32-bit Systems Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=6f2e390c-eeda-404d-acb3-f6c28b4616be) (Server Core installation) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
[Windows Server 2008 for x64-based Systems Service Pack 2](https://www.microsoft.com/download/details.aspx?familyid=b10166db-a6af-4e9f-b6ea-dd0cfc3eb6e8) (Server Core installation) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
[Windows Server 2008 R2 for x64-based Systems Service Pack 1](https://www.microsoft.com/download/details.aspx?familyid=900ffc3d-0312-4119-9f3f-5403f8334fed) (Server Core installation) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	[Microsoft .NET Framework 3.5.1](https://www.microsoft.com/download/details.aspx?familyid=3f1a9a62-6d5e-4d0f-a68b-2c028fd9b334) (3048070)	Important Information Disclosure	Critical Remote Code Execution	2861191 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832414 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows Server 2012](https://www.microsoft.com/download/details.aspx?familyid=f8662d6e-3836-48b4-a61c-09ccd58211fd) (Server Core installation) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2012 (Server Core installation)	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=9742b4d1-494c-4a58-af69-f3b3f91e2d85) (3048071)	Important Information Disclosure	Critical Remote Code Execution	2861194 in [MS13-082](http://go.microsoft.com/fwlink/?linkid=318048), 2832418 in [MS13-052](http://go.microsoft.com/fwlink/?linkid=299844)
[Windows Server 2012 R2](https://www.microsoft.com/download/details.aspx?familyid=85c1fe77-ef0e-4f65-aa13-3bf8f29d29d1) (Server Core installation) (3045171)	Not applicable	Important Information Disclosure	Critical Remote Code Execution	3034344 in [MS15-023](http://go.microsoft.com/fwlink/?linkid=526460)
Windows Server 2012 R2 (Server Core installation)	[Microsoft .NET Framework 3.5](https://www.microsoft.com/download/details.aspx?familyid=e246a4fe-feea-433f-90b4-64d6fa061e87) (3048072)	Important Information Disclosure	Critical Remote Code Execution	None

**Note** Updates are available for Windows Technical Preview and Windows Server Technical Preview. Customers running Preview editions are encouraged to apply the updates, which are provided via [Windows Update](http://go.microsoft.com/fwlink/?linkid=21130). Updates are also available for Microsoft .NET Framework 4.6 RC, which are available via the [Microsoft Download Center](http://go.microsoft.com/fwlink/?linkid=21129) only.

^[1].NET Framework 4 and .NET Framework 4 Client Profile affected.

^[2]This update is available via Windows Update only.

Microsoft Office

Office Software	OpenType Font Parsing Vulnerability - CVE-2015-1670	TrueType Font Parsing Vulnerability - CVE-2015-1671	Updates Replaced
Microsoft Office 2007 Service Pack 3 (2883029)	Not applicable	Critical Remote Code Execution	2878233 in MS14-036
Microsoft Office 2010 Service Pack 2 (32-bit editions) (2881073)	Not applicable	Critical Remote Code Execution	2863942 in MS14-036
Microsoft Office 2010 Service Pack 2 (64-bit editions) (2881073)	Not applicable	Critical Remote Code Execution	2863942 in MS14-036

### Microsoft Communications Platforms and Software

Software	OpenType Font Parsing Vulnerability - CVE-2015-1670	TrueType Font Parsing Vulnerability - CVE-2015-1671	Updates Replaced
Microsoft Live Meeting 2007 Console[1] (3051467)	Not applicable	Critical Remote Code Execution	2968966 in MS14-036
Microsoft Lync 2010 (32-bit) (3051464)	Not applicable	Critical Remote Code Execution	2963285 in MS14-036
Microsoft Lync 2010 (64-bit) (3051464)	Not applicable	Critical Remote Code Execution	2963285 in MS14-036
Microsoft Lync 2010 Attendee[1] (user level install) (3051465)	Not applicable	Critical Remote Code Execution	2963282 in MS14-036
Microsoft Lync 2010 Attendee (admin level install) (3051466)	Not applicable	Critical Remote Code Execution	2963284 in MS14-036
Microsoft Lync 2013 Service Pack 1 (32-bit) (Skype for Business) (3039779)	Not applicable	Critical Remote Code Execution	2881013 in MS14-036
Microsoft Lync Basic 2013 Service Pack 1 (32-bit) (Skype for Business Basic) (3039779)	Not applicable	Critical Remote Code Execution	2881013 in MS14-036
Microsoft Lync 2013 Service Pack 1 (64-bit) (Skype for Business) (3039779)	Not applicable	Critical Remote Code Execution	2881013 in MS14-036
Microsoft Lync Basic 2013 Service Pack 1 (64-bit) (Skype for Business Basic) (3039779)	Not applicable	Critical Remote Code Execution	2881013 in MS14-036

^[1]This update is available from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?linkid=21129) only. ### Microsoft Developer Tools and Software

Software	OpenType Font Parsing Vulnerability - CVE-2015-1670	TrueType Font Parsing Vulnerability - CVE-2015-1671	Updates Replaced
Microsoft Silverlight 5 when installed on Mac (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014
Microsoft Silverlight 5 Developer Runtime when installed on Mac (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014
Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows clients (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014
Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows clients (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014
Microsoft Silverlight 5 when installed on all supported releases of Microsoft Windows servers (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014
Microsoft Silverlight 5 Developer Runtime when installed on all supported releases of Microsoft Windows servers (3056819)	Not applicable	Critical Remote Code Execution	2932677 in MS14-014

Update FAQ ---------- **Why are some of the update files listed in this bulletin also denoted in other bulletins released in May?** Several of the update files listed in this bulletin are also denoted in other bulletins being released in May due to overlapping affected software. Although the different bulletins address separate security vulnerabilities the security updates have been consolidated where possible and appropriate, hence the occurrence of some identical update files being present in multiple bulletins. Note that identical update files shipping with multiple bulletins do not need to be installed more than once. **There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. **How do I determine which version of Microsoft .NET Framework is installed?** You can install and run multiple versions of .NET Framework on a system, and you can install the versions in any order. For more information, see [Microsoft Knowledge Base Article 318785](https://support.microsoft.com/kb/318785). **What is the difference between .NET Framework 4 and .NET Framework 4 Client Profile?** The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. The .NET Framework 4 Client Profile is a subset of the .NET Framework 4 profile that is optimized for client applications. It provides functionality for most client applications, including Windows Presentation Foundation (WPF), Windows Forms, Windows Communication Foundation (WCF), and ClickOnce features. This enables faster deployment and a smaller install package for applications that target the .NET Framework 4 Client Profile. For more information, see the MSDN article, [.NET Framework Client Profile](http://msdn.microsoft.com/library/cc656912). **Do I need to install these security updates in a particular sequence?** No. Multiple updates for a given system can be applied in any sequence. **I am being offered a Microsoft Office update for software that is not specifically listed in the Affected Software table. Why am I being offered this update?** When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component. For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table. For more information on this behavior and recommended actions, see [Microsoft Knowledge Base Article 830335](https://support.microsoft.com/kb/830335). For a list of Microsoft Office products an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update. **I am running Office 2010, which is listed as affected software. Why am I not being offered the update?** The update will only be offered to systems that are running Microsoft Office 2010 on supported editions of Windows Server 2003. The update is not applicable to other supported configurations because the vulnerable code is not present. **Are there any related non-security updates that customers should install along with the Microsoft Live Meeting Console security update?** Yes, in addition to releasing a security update for Microsoft Live Meeting Console, Microsoft has released the following non-security updates for the OCS Conferencing Addin for Outlook. Where applicable, Microsoft recommends that customers install these updates to keep their systems up-to-date: - OCS Conferencing Addin for Outlook (32-bit) (3051468) - OCS Conferencing Addin for Outlook (64-bit) (3051468) See [Microsoft Knowledge Base Article 3051468](https://support.microsoft.com/kb/3051468) for more information. **Why is the Lync 2010 Attendee (user level install) update only available from the Microsoft Download Center?** Microsoft is releasing the update for Lync 2010 Attendee (user level install) to the [Microsoft Download Center](http://go.microsoft.com/fwlink/?linkid=21129) only. Because the user level installation of Lync 2010 Attendee is handled through a Lync session, distribution methods such as automatic updating are not appropriate for this type of installation scenario. **Which web browsers support Microsoft Silverlight applications?** In order to run Microsoft Silverlight applications, most web browsers, including Microsoft Internet Explorer, require Microsoft Silverlight to be installed and the corresponding plug-in to be enabled. For more information about Microsoft Silverlight, see the official site, [Microsoft Silverlight](http://www.microsoft.com/silverlight/). Please refer to the documentation of your browser to learn more about how to disable or remove plug-ins. **What versions of Microsoft Silverlight 5 are affected by the vulnerability?** Microsoft Silverlight build 5.1.40416.00, which was the current build of Microsoft Silverlight as of when this bulletin was first released, addresses the vulnerability and is not affected. Builds of Microsoft Silverlight previous to 5.1.40416.00 are affected. **How do I know which version and build of Microsoft Silverlight is currently installed on my system?** If Microsoft Silverlight is already installed on your computer, you can visit the [Get Microsoft Silverlight](http://www.microsoft.com/getsilverlight) page, which will indicate which version and build of Microsoft Silverlight is currently installed on your system. Alternatively, you can use the Manage Add-Ons feature of current versions of Microsoft Internet Explorer to determine the version and build information that is currently installed on your system. You can also manually check the version number of sllauncher.exe located in the “%ProgramFiles%\\Microsoft Silverlight” directory (on x86 Microsoft Windows systems) or in the “%ProgramFiles(x86)%\\Microsoft Silverlight” directory (on x64 Microsoft Windows systems). In addition, on Microsoft Windows, the version and build information of the currently installed version of Microsoft Silverlight can be found in the registry at \[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Silverlight\]:Version on x86 Microsoft Windows systems, or \[HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Silverlight\]:Version on x64 Microsoft Windows systems. On Apple Mac OS, the version and build information of the currently installed version of Microsoft Silverlight can be found as follows: 1. Open the **Finder** 2. Select the system drive and go to the folder **Internet Plug-ins - Library** 3. Right-click the file **Silverlight.Plugin** (if your mouse has only one button, press the **Ctrl** key while clicking on the file) to bring up the context menu, then click **Show Package Contents** 4. Inside the contents folder, locate the file **info.plist** and open it with an editor. It will contain an entry like this, which shows you the version number: SilverlightVersion 5.1.40416.00 The version installed with this security update for Microsoft Silverlight 5 is 5.1.40416.00. If your Microsoft Silverlight 5 version number is higher than or equal to this version number, your system is not vulnerable. **How do I upgrade my version of Microsoft Silverlight?** The Microsoft Silverlight auto-update feature helps make sure that your Microsoft Silverlight installation is kept up to date with the latest version of Microsoft Silverlight, Microsoft Silverlight functionality, and security features. For more information about the Microsoft Silverlight auto-update feature, see the [Microsoft Silverlight Updater](http://www.microsoft.com/getsilverlight/resources/documentation/updater.aspx). Windows users who have disabled the Microsoft Silverlight auto-update feature can enroll in [Microsoft Update](http://go.microsoft.com/fwlink/?linkid=40747) to obtain the latest version of Microsoft Silverlight, or can download the latest version of Microsoft Silverlight manually using the download link in the Affected Software table in the earlier section, **Affected and Non-Affected Software**. For information about deploying Microsoft Silverlight in an enterprise environment, see the [Silverlight Enterprise Deployment Guide](http://go.microsoft.com/fwlink/?linkid=119611). **Will this update upgrade my version of Silverlight?** The 3056819 update upgrades previous versions of Silverlight to Silverlight version 5.1.40416.00. Microsoft recommends upgrading to be protected against the vulnerability described in this bulletin. **Where can I find additional information about the Silverlight product lifecycle?** For lifecycle information specific to Silverlight, see the [Microsoft Silverlight Support Lifecycle Policy](https://support.microsoft.com/gp/lifean45). Vulnerability Information ------------------------- OpenType Font Parsing Vulnerability - CVE-2015-1670 --------------------------------------------------- An information disclosure vulnerability exists in Microsoft Windows when the Windows DirectWrite library improperly handles OpenType fonts. An attacker who successfully exploited this vulnerability could potentially read data which was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. To exploit the vulnerability an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince a user to view the website. This could also include compromised websites and websites that accept or host user-provided content or advertisements. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by way of enticements in Instant Messenger or email messages. The update addresses the vulnerability by correcting how the Windows DirectWrite library handles OpenType fonts. Microsoft received information about the vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. ### Mitigating Factors Microsoft has not identified any [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. TrueType Font Parsing Vulnerability - CVE-2015-1671 --------------------------------------------------- A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit this vulnerability, including by convincing a user to open a specially crafted document or convincing them to visit an untrusted webpage that contains embedded TrueType fonts. The update addresses the vulnerability by correcting how the Windows DirectWrite library handles TrueType fonts. Microsoft received information about the vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. ### Mitigating Factors Microsoft has not identified any [mitigating factors](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. ### Workarounds Microsoft has not identified any [workarounds](https://technet.microsoft.com/library/security/dn848375.aspx) for this vulnerability. Security Update Deployment -------------------------- For Security Update Deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary. Acknowledgments --------------- Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See [Acknowledgments](https://technet.microsoft.com/library/security/dn903755.aspx) for more information. Disclaimer ---------- The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Revisions --------- - V1.0 (May 12, 2015): Bulletin published. - V2.0 (May 21, 2015): Bulletin revised to announce the availability of a new update (3065979) that fixes a known issue that some customers experienced after installing the 3045171 security update on all supported editions of Windows 7/Windows 2008 R2 and earlier systems. The 3045171 security update causes customer applications to crash while attempting to create text-outline-based path objects using GDI+. Customers who are experiencing this known issue can correct the problem by installing the 3065979 update. See [Microsoft Knowledge Base Article 3065979](https://support.microsoft.com/kb/3065979) for more information and download links. - V2.1 (June 23, 2015): Bulletin revised to announce a detection change in the 3056819 update for Microsoft Silverlight 5. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. *Page generated 2016-08-29 09:25-07:00.*