Lucene search

MicrosoftKB4048968

HistoryNov 14, 2017 - 8:00 a.m.

Description of the security update for the Windows EOT font engine information disclosure vulnerability in Windows Server 2008: November 14, 2017

2017-11-1408:00:00

Microsoft

support.microsoft.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Description of the security update for the Windows EOT font engine information disclosure vulnerability in Windows Server 2008: November 14, 2017

Summary

An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts.

To learn more about the vulnerabilities, go to the Security Update Guide.

More Information

Important

If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:
Security update deployment information: November 14, 2017

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight-saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2008 file information

**Note:**The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQ

Security solutions for IT professionals: TechNet Security Support and Troubleshooting

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure

Local support according to your country: International Support

File Information

File hash information

File name	SHA1 hash	SHA256 hash
Windows6.0-KB4048968-ia64.msu	267AFA233DE18D4DD8E590BF85648C978B76AFB0	B8B1636A696BF062D34E93048D7DB5421C11F5B15706A72D2F8E14D3430A42C5
Windows6.0-KB4048968-x64.msu	2885FF8B29D182ABAD819CAAAF00345D336576F2	459B67983A50DF37745B8179947AE8D452EBB32CFA02A2AE2EBEAF80965F64DC
Windows6.0-KB4048968-x86.msu	72C48DCCB4E51588A96C1CD0299D0CC4189F402E	C1E89EB123277AC4F7424566337972496015EEA79E53692BCCEFC9D69EF625DC

For all supported ia64-based versions

File name	File version	File size	Date	Time	Platform
T2embed.dll	6.0.6002.24215	410,112	15-Oct-2017	15:27	IA-64
Atmfd.dll	5.1.2.252	793,320	15-Oct-2017	15:32	IA-64
Atmlib.dll	5.1.2.252	92,160	15-Oct-2017	15:25	IA-64
Dciman32.dll	6.0.6002.24215	29,184	15-Oct-2017	15:25	IA-64
Fontsub.dll	6.0.6002.24215	196,096	15-Oct-2017	15:26	IA-64
Lpk.dll	6.0.6002.24215	68,608	15-Oct-2017	15:26	IA-64
Atmfd.dll	5.1.2.252	306,408	15-Oct-2017	15:38	x86
Atmlib.dll	5.1.2.252	34,304	15-Oct-2017	15:31	x86
Dciman32.dll	6.0.6002.24215	10,240	15-Oct-2017	15:31	x86
Fontsub.dll	6.0.6002.24215	72,704	15-Oct-2017	15:31	x86
Lpk.dll	6.0.6002.24215	23,552	15-Oct-2017	15:33	x86
T2embed.dll	6.0.6002.24215	159,232	15-Oct-2017	15:32	x86

For all supported x64-based versions

File name	File version	File size	Date	Time	Platform
T2embed.dll	6.0.6002.24215	192,512	15-Oct-2017	15:32	x64
Atmfd.dll	5.1.2.252	383,208	15-Oct-2017	15:36	x64
Atmlib.dll	5.1.2.252	48,128	15-Oct-2017	15:30	x64
Dciman32.dll	6.0.6002.24215	14,336	15-Oct-2017	15:30	x64
Fontsub.dll	6.0.6002.24215	96,256	15-Oct-2017	15:30	x64
Lpk.dll	6.0.6002.24215	32,768	15-Oct-2017	15:31	x64
Atmfd.dll	5.1.2.252	306,408	15-Oct-2017	15:38	x86
Atmlib.dll	5.1.2.252	34,304	15-Oct-2017	15:31	x86
Dciman32.dll	6.0.6002.24215	10,240	15-Oct-2017	15:31	x86
Fontsub.dll	6.0.6002.24215	72,704	15-Oct-2017	15:31	x86
Lpk.dll	6.0.6002.24215	23,552	15-Oct-2017	15:33	x86
T2embed.dll	6.0.6002.24215	159,232	15-Oct-2017	15:32	x86

For all supported x86-based versions

File name	File version	File size	Date	Time	Platform
T2embed.dll	6.0.6002.24215	159,232	15-Oct-2017	15:32	x86
Atmfd.dll	5.1.2.252	306,408	15-Oct-2017	15:38	x86
Atmlib.dll	5.1.2.252	34,304	15-Oct-2017	15:31	x86
Dciman32.dll	6.0.6002.24215	10,240	15-Oct-2017	15:31	x86
Fontsub.dll	6.0.6002.24215	72,704	15-Oct-2017	15:31	x86
Lpk.dll	6.0.6002.24215	23,552	15-Oct-2017	15:31	x86