The vulnerability tally in Microsoft Windows continues to grow and this one is of the Remote Code Execution (RCE) variety. Known as the OpenType Font Driver vulnerability, its existence can be attributed to the inability of the Windows Adobe Type Manager Library to properly handle specially crafted OpenType fonts.

Unauthenticated attackers can exploit this vulnerability by either convincing users to open specially crafted documents or persuading them to visit a dubious webpage that contains embedded OpenType fonts. If attackers successfully exploit this vulnerability, they can take complete control of the affected system. Microsoft has issued a security bulletin regarding this vulnerability at https://technet.microsoft.com/en-us/library/security/ms15-078.aspx.

The following software versions are affected by this vulnerability:

Microsoft Windows Server 2012 R2 (Server Core installation)
Microsoft Windows Server 2012 (Server Core installation)
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Windows Windows 7 for x64-based Systems Service Pack 1
Microsoft Windows Windows 7 for 32-bit Systems Service Pack 1
Microsoft Windows 8.1 for x64-based Systems
Microsoft Windows 8.1 for 32-bit Systems
Microsoft Windows 8 for x64-based Systems
Microsoft Windows 8 for 32-bit Systems
Microsoft Windows Server 2012 R2
Microsoft Windows RT 8.1
Microsoft Windows Server 2012
Microsoft Windows RT
Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Vista Service Pack 2

Severity Details:

The severity classification of this vulnerability is HIGH (6).

The following factors were taken into consideration to determine its severity rating:

This vulnerability can be exploited only if the attacker can lure a victim to perform an unwanted action.
The assets affected by this vulnerability are estimated to be of MEDIUM value.
The vendor is a major enterprise software/equipment vendor.
The software is broadly deployed in enterprise environments.
The software affected by this vulnerability is very broadly deployed.
The vulnerability, if exploited, can enable non-privileged code execution.
This is a client compromise.
The technical details for this vulnerability are publicly available.