Technical Information

Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker places a specially crafted TrueType font on a network share and a user subsequently navigates there in Windows Explorer. In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability.

Detailed Information on the risk:

A denial of service vulnerability exists in the Windows kernel-mode driver that is caused by the improper handling of TrueType font objects in memory.

Further information on this exploit is available at : MS14-079

Windows Server 2003 Service Pack 2 
Windows Server 2003 x64 Edition Service Pack 2 
Windows Server 2003 with SP2 for Itanium-based Systems 
Windows Vista Service Pack 2 
Windows Vista x64 Edition Service Pack 2 
Windows Server 2008 for 32-bit Systems Service Pack 2 
Windows Server 2008 for x64-based Systems Service Pack 2 
Windows Server 2008 for Itanium-based Systems Service Pack 2 
Windows 7 for 32-bit Systems Service Pack 1 
Windows 7 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems 
Windows 8 for x64-based Systems 
Windows 8.1 for 32-bit Systems 
Windows 8.1 for x64-based Systems 
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 
Windows Server 2012 R2 
Windows RT and Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)