Posted by: Ed Tittel
Security bulletin MS12-078, originally released on 12/11/2012, was updated yesterday (12/20/2012). This is a critical patch that seeks to address “vulnerabilities in Windows Kernel-Mode drivers [that] could allow remote code execution,” so it’s a pretty big deal. The update corrects the way that Windows kernel-mode drivers handle objects in memory. So far there have been some reports of font corruption in Windows XP and Windows 7 as a result of this fix, which manifested as disappearing fonts in PowerPoint, CorelDRAW, QuarkXPress, Flexi, and other graphics/layout applications. Apparently, this is what occasioned the out-of-band “band-aid” on December 20 to fix the bugs introduced by the original version of the MS12-078 update released on December 11. There’s a good story about this on the InfoWorld Tech Watch by Windows and Office guru Woody Leonhard dated December 14. I had wished he’d follow up with coverage of the band-aid, and he has done so; see his “re-issue” blog at the same site.
In today’s follow-up post, Woody identifies a “list of borked apps” as follows: Quark Xpress, Quark CopyDesk, FlexiSign, SignLab, Musescore, Avid Marquee, Bentley MicroStation, Inkscape, Xara, Extensis, Serif PagePlus, Document Toolkit, Flash in design mode, and most embarrassingly PowerPoint and, reportedly, Excel. That’s quite a handful!
Apparently, it’s tied into the OpenType Compact Font Format (CFF) driver, as documented in MS KB article 2753842. Yesterday MS amended the KB article to add this language:
The original version of security update 2753842 had an issue related to OTF (OpenType Font) rendering in applications such as PowerPoint on affected versions of Windows. This issue was resolved in the version of this security update that was rereleased on December 20, 2012.
The upshot of this re-issue is that you need to install this new version of MS12-078/KB 2753842 whether or not you installed the original, bug-infested version. That’s why many users will see the patch offered a second time (the first time on or around December 11, the second time starting yesterday, December 20). It’s the only way to fix the bugs that the original patch introduced while still addressing the security vulnerability that both patches were intended to address, even though the first one didn’t do so in the most efficacious way.
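One check an administrator might run on a Windows XP/7 box to tell the two versions apart, as an added example that is not part of the original post or of Microsoft's tooling: it assumes the re-issued package keeps the KB2753842 number and that the install date Get-HotFix reports for the machine is trustworthy.

```powershell
# Added example (not from the original post). Classifies KB2753842 as absent,
# present only in its original December 11 form, or present in the December 20
# re-issue. Assumptions: the re-issued package keeps the same KB number, and
# Get-HotFix's InstalledOn value reflects the most recent (re)installation.
function Get-KB2753842Status {
    param(
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $reissueDate = Get-Date '2012-12-20'
    $fix = Get-HotFix -Id 'KB2753842' -ComputerName $ComputerName -ErrorAction SilentlyContinue

    if (-not $fix) {
        return [pscustomobject]@{ Computer = $ComputerName; Status = 'Missing: install the re-issued update'; InstalledOn = $null }
    }

    # More than one entry can come back if the update was applied twice; keep the newest.
    $latest = $fix | Sort-Object InstalledOn -Descending | Select-Object -First 1

    if (-not $latest.InstalledOn) {
        $status = 'Present, install date unknown: verify manually'
    } elseif ($latest.InstalledOn -ge $reissueDate) {
        $status = 'Re-issued (December 20) version present'
    } else {
        $status = 'Original (December 11) version only: reinstall required'
    }

    [pscustomobject]@{
        Computer    = $ComputerName
        Status      = $status
        InstalledOn = $latest.InstalledOn
    }
}

Get-KB2753842Status
```

Feed a list of hostnames to the -ComputerName parameter in a loop to sweep a fleet; the date test is only as good as the InstalledOn value each machine reports.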