As of early November 2011, Microsoft has provided notification of a serious security vulnerability that is transmitted via TrueType fonts. Office documents can include embedded fonts that automatically install themselves when the document is opened, so PowerPoint, Word and Excel files should be considered risky.
Until there’s a complete fix for the problem, Microsoft offers a workaround that involves disabling the ability of applications (such as PowerPoint) and Windows to install embedded fonts on demand. If you choose to use this workaround, documents that rely on embedded fonts for proper formatting won’t look right when opened, because the embedded font won’t work, but your system should be safe from this particular attack.
Read the following pages at Microsoft’s site for an automated Fixit method and a manual, command line method:
- http://support.microsoft.com/kb/2639658
- http://technet.microsoft.com/en-us/security/advisory/2639658