CVE-2014-6317

Name of the Vulnerable Software and Affected Versions Windows Server 2003 version SP2 Windows Vista version SP2 Windows Server 2008 versions SP2 and R2 SP1 Windows 7 version SP1 Windows 8 Windows 8.1 Windows Server 2012 versions Gold and R2 Windows RT versions Gold and 8.1

Description A denial of service issue exists due to the improper handling of TrueType font objects in memory by the Windows kernel-mode driver. This allows remote attackers to cause a denial of service, resulting in the system stopping to respond and restarting, via a crafted TrueType font.

Recommendations For Windows Server 2003 SP2, update to a newer version to mitigate the risk. For Windows Vista SP2, update to a newer version to mitigate the risk. For Windows Server 2008 SP2 and R2 SP1, update to a newer version to mitigate the risk. For Windows 7 SP1, update to a newer version to mitigate the risk. For Windows 8, update to a newer version to mitigate the risk. For Windows 8.1, update to a newer version to mitigate the risk. For Windows Server 2012 Gold and R2, update to a newer version to mitigate the risk. For Windows RT Gold and 8.1, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of TrueType fonts until a patch is available.