This week, several previously unidentified critical vulnerabilities in a common component of all supported versions of Microsoft Windows were announced. The flaw is in the Adobe OpenType Manager Library. These flaws were found as a result of the infiltration of an Italian spyware making firm, and have been confirmed by Microsoft. In an unusual step, Microsoft has released a patch for these flaws between their usual patch release date, the second Tuesday of the month.
If you have Automatic Updates enabled in your version of Windows, you need not take any action regarding this vulnerability. The patch will automatically be applied, and you should simply reboot your computer at your earliest opportunity. If you have for some reason disabled Automatic Updates, then you should run Windows Update as soon as possible. To update, simply locate your Search bar, type in “update” without the quotes, and then click on Windows Update. Follow the prompts to install any available updates, and reboot when prompted.
For more information on this vulnerability, you may read the article at this link:
http://www.update.microsoft. com/windowsupdate/v6/thanks. aspx?ln=en&&thankspage=5
IT Managers may read Microsoft’s detailed description at the following link:
https://technet.microsoft.com/ library/security/MS15-078
As a reminder, Microsoft no longer supports versions of Windows older than Vista (i.e., Windows 95, 98, 2000, ME, and XP). If you are still using a version of Windows that is unsupported by Microsoft, these vulnerabilities, as well as any newly discovered ones going forward will remain unpatched. NYU TSS strongly recommends that you upgrade your operating system immediately by purchasing a new version of Windows or a new computer.