Windows 2000 Most Vulnerable to Attacks Caused by Flaw in EOT Font Engine

Microsoft has released a security bulletin concerning a serious flaw in the Embedded OpenType (EOT) Font Engine that ships with all current versions of Windows, but primarily affects Windows 2000. Windows 2000 is the only version of Windows that implements the EOT engine in a way that exposes this flaw, so users of Windows versions other than Windows 2000 are considered to have little to no risk of an attacker exploiting this flaw on their machines. However, administrators of machines operating on all versions of Windows should still apply the appropriate patches to mitigate the risk of attack. These patches will be deployed automatically for 3D clients receiving 3D patching services. Other Windows users, especially those using Windows 2000, should quickly install the security patches released by Microsoft to fix these vulnerabilities or allow Microsoft’s Update utility to install them automatically.

In general, due to its age, Windows 2000 is becoming more and more vulnerable to attacks like these, and support (developing security patches, etc.) for Windows 2000 by Microsoft will cease on July 13, 2010. For these reasons, we strongly encourage Windows 2000 users to upgrade their operating systems to a more recent version of Windows that will continue to be supported by Microsoft and therefore be less vulnerable to attacks. 3D can assist clients still using Windows 2000 in selecting and upgrading their machines to versions of Windows that will keep their networks and business data safer from future threats.

For more information on ways 3D can help keep your network secure, visit our website at www.3dcorp.us, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: WatchGuard's LiveSecurity Service Update "Critical Windows EOT Engine Vulnerabilities Primarily Affect 2K," Microsoft Security Bulletin MS10-001