MS15-044: Vulnerabilities in Microsoft font drivers could allow remote code execution: May 12, 2015

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials More

This security update resolves vulnerabilities in Windows, the Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded TrueType fonts.

Introduction


Microsoft has released security bulletin MS15-044. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates:
Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Troubleshooting and Support

Help protect your Windows-based computer from viruses and malware:
Virus Solution and Security Center

Local support according to your country: International support

More information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed under each article link.
Article number Article title
3045171 MS15-044 and MS15-051: Description of the security update for Windows font drivers
3057781 MS15-044: Description of the security update for the .NET Framework 4.6 RC on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 12, 2015
3048077 MS15-044: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 12, 2015
3048074 MS15-044: Description of the security update for the .NET Framework 4 on Windows Server 2003, Windows Vista, and Windows Server 2008: May 12, 2015
3048070 MS15-044: Description of the security update for the .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 12, 2015
3048072 MS15-044: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 12, 2015
3048071 MS15-044: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: May 12, 2015
3048068 MS15-044: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2: May 12, 2015
3048073 MS15-044: Description of the security update for the .NET Framework 3.0 Service Pack 2 on Windows Server 2003: May 12, 2015
3039779 MS15-044: Description of the security update for Lync 2013 (Skype for Business): May 12, 2015
3056819 MS15-044: Description of the security update for Silverlight 5: May 12, 2015
2881073 MS15-044: Description of the security update for Microsoft Office 2010 Service Pack 2
2883029 MS15-044: Description of the security update for the 2007 Microsoft Office suite Service Pack 3
3051464 MS15-044: Description of the security update for Lync 2010: May 12, 2015
3051467 MS15-044: Description of the security update for Live Meeting Console: May 12, 2015
3051465 MS15-044: Description of the security update for Lync 2010 Attendee (user-level installation): May 12, 2015
3051466 MS15-044: Description of the security update for Lync 2010 Attendee (admin-level installation): May 12, 2015
3045171 MS15-044 and MS15-051: Description of the security update for Windows font drivers


Known issues in security update 3045171:



  • After you install this security update (3045171), you experience crashes when you use Windows GDI+ to create text outline-based path objects on a computer that's running Windows 7 or an earlier version of Windows.

    To resolve this problem, install update 3065979. For more information, click the following article number to go to the article in the Microsoft Knowledge Base:
    3065979 "GsDraw error (1): GenericError" error occurs and application crashes when you create text outline in Windows
  • After you install this security update on a computer that's running Windows Vista or Windows Server 2008, you may receive an error message that resembles the following for the FontCache service in the Services Microsoft Management Console (MMC):

    Failed to Read Description. Error Code: 15100

    When you open the FontCache service in the Services MMC, you may receive an error message that resembles the following:

    Configuration Manager: A general error occurred

    The resource loader failed to find MUI file

    To resolve this problem, install update 971512. For more information, click the following article number to go to the article in the Microsoft Knowledge Base:
    971512 Description of the Windows Graphics, Imaging, and XPS Library