All Products
Document Center

[Vulnerability notice] CVE-2014-4148: TrueType font analysis remote code execution vulnerability

Last Updated: Mar 19, 2018

Vulnerability description

When the driver program in Windows kernel mode processes the TrueType font incorrectly, the system has a remote code execution vulnerability.

Successful exploits allow the attacker to run any code in kernel mode. The attacker can install programs, view, change or delete data, or create new accounts that have all user privileges in the affected system.

Affected system

Windows Server 2003 to Windows 8.1


Enable automatic updating and update the patch MS14-058.