MS15-044 and MS15-051: Description of the security update for Windows font drivers

Summary

This security update resolves vulnerabilities in Windows, the Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The more severe of these vulnerabilities could allow for one of the following scenarios:
  • Remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType fonts.
  • Elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode. An attacker could then take the following actions:
    • Install programs
    • View, change, or delete data
    • Create new accounts that have full user rights
    An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability cannot be exploited remotely or by anonymous users.

Introduction

Microsoft has released security bulletins MS15-044 and MS15-051. To learn more about the security bulletins:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country:
International Support

More Information

Known issues with this security update

  • After you install this security update (3045171), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that's running Windows 7 or an earlier version of Windows.

    To resolve this problem, install update 3065979. For more information, click the following article number to go to the article in the Microsoft Knowledge Base:
    3065979 "GsDraw error (1): GenericError" error occurs and application crashes when you create text outline in Windows
  • After you install this security update on a computer that's running Windows Vista or Windows Server 2008, you may receive an error message that resembles the following for the FontCache service in the Services Microsoft Management Console (MMC):



    Failed to Read Description. Error Code: 15100


    When you open FontCache service in the Services MMC, you may receive an error message that resembles the following:


    Configuration Manager: A general error occurred

    The resource loader failed to find MUI file


    To resolve this problem, install update 971512. For more information, click the following article number to go to the article in the Microsoft Knowledge Base:
    971512 Description of the Windows Graphics, Imaging, and XPS Library

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.


Windows Server 2003 file information
Windows Vista and Windows Server 2008 file information
Windows 7 and Windows Server 2008 R2 file information
Windows 8 and Windows Server 2012 file information
Windows 8.1 and Windows Server 2012 R2 file information
Properties

Article ID: 3045171 - Last Review: Jun 24, 2015 - Revision: 1

Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows 8.1, Windows RT 8.1, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows 8 Enterprise, Windows 8 Pro, Windows 8, Windows RT, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Standard, Windows Web Server 2008 R2, Windows Server 2008 R2 Foundation, Windows 7 Service Pack 1, Windows 7 Ultimate, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Home Premium, Windows 7 Home Basic, Windows 7 Starter, Windows Server 2008 Service Pack 2, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Server 2008 Foundation, Windows Server 2008 for Itanium-Based Systems, Windows Vista Service Pack 2, Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Business, Windows Vista Home Premium, Windows Vista Home Basic, Windows Vista Starter, Microsoft Windows Server 2003 Service Pack 2, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems

Feedback