The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted file or website. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.
The security update addresses the vulnerability by correcting how the font parser allocates memory and by correcting how objects in memory are handled. For more information about the vulnerability, see the Vulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3032323.
Tuesday, March 10, 2015