Lucene search

K
mskbMicrosoftKB4344104
HistoryAug 14, 2018 - 7:00 a.m.

Description of the security update for the font library vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: August 14, 2018

2018-08-1407:00:00
Microsoft
support.microsoft.com
21

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.202

Percentile

96.4%

Description of the security update for the font library vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: August 14, 2018

Summary

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.

To learn more about the vulnerability, go to CVE-2018-8344.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website. Important If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Deployment information

For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:Security update deployment information: August 14, 2018

More Information

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.

Windows Server 2008 file information

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

How to obtain help and support for this security update

Help for installing updates: Windows Update: FAQSecurity solutions for IT professionals: TechNet Security Support and TroubleshootingHelp for protecting your Windows-based computer from viruses and malware: Microsoft SecureLocal support according to your country: International Support

File Information

File hash information

File name SHA1 hash SHA256 hash
Windows6.0-KB4344104-x64.msu 09B99DCE24C7EC3BF7787302F8047EA9DFA219D8 F39C6E6A57DA5C00FF60B174AA6CB4B916047FB8DBEAB1566D0FCF25E2141B62
Windows6.0-KB4344104-x86.msu FB69F0915FFF4376B55B2FD48A493D7E58FC49A2 269782EC8C6989EDB7B4AC6CE9B726788224B44F1E5A3050965BF9919FEDFE0A
Windows6.0-KB4344104-ia64.msu 179ECE72080FA3CCEAB86F64134861195EE740D0 DA80173459D543800E8D09DD0BA41D4F32E9E5CECD8262E21FF8693FB04E96B2
WindowsXP-KB4344104-x86-Embedded-ENU.exe 24812351D008B3BDE988CC02339B23E2A738DB69 2FF02166B720FF855484E9B8743410ADF412FF6CF1FC37A6A36130425FBE8807

For all supported x64-based versions

File name File version File size Date Time Platform
T2embed.dll 6.0.6002.24441 193,024 08-Jul-2018 14:35 x64
Atmfd.dll 5.1.2.253 384,704 08-Jul-2018 14:45 x64
Atmlib.dll 5.1.2.253 48,128 08-Jul-2018 14:35 x64
Dciman32.dll 6.0.6002.24441 14,336 08-Jul-2018 14:35 x64
Fontsub.dll 6.0.6002.24441 96,256 08-Jul-2018 14:35 x64
Lpk.dll 6.0.6002.24441 32,768 08-Jul-2018 14:35 x64
Atmfd.dll 5.1.2.253 306,880 08-Jul-2018 14:55 x86
Atmlib.dll 5.1.2.253 34,304 08-Jul-2018 14:49 x86
Dciman32.dll 6.0.6002.24441 10,240 08-Jul-2018 14:49 x86
Fontsub.dll 6.0.6002.24441 73,728 08-Jul-2018 14:49 x86
Lpk.dll 6.0.6002.24441 23,552 08-Jul-2018 14:49 x86
T2embed.dll 6.0.6002.24441 159,744 08-Jul-2018 14:49 x86

For all supported x86-based versions

File name File version File size Date Time Platform
T2embed.dll 6.0.6002.24441 159,744 08-Jul-2018 14:49 x86
Atmfd.dll 5.1.2.253 306,880 08-Jul-2018 14:55 x86
Atmlib.dll 5.1.2.253 34,304 08-Jul-2018 14:49 x86
Dciman32.dll 6.0.6002.24441 10,240 08-Jul-2018 14:49 x86
Fontsub.dll 6.0.6002.24441 73,728 08-Jul-2018 14:49 x86
Lpk.dll 6.0.6002.24441 23,552 08-Jul-2018 14:49 x86

For all supported ia64-based versions

File name File version File size Date Time Platform
T2embed.dll 6.0.6002.24441 410,112 08-Jul-2018 14:26 IA-64
Atmfd.dll 5.1.2.253 795,328 08-Jul-2018 14:35 IA-64
Atmlib.dll 5.1.2.253 92,160 08-Jul-2018 14:26 IA-64
Dciman32.dll 6.0.6002.24441 29,184 08-Jul-2018 14:26 IA-64
Fontsub.dll 6.0.6002.24441 196,096 08-Jul-2018 14:26 IA-64
Lpk.dll 6.0.6002.24441 68,608 08-Jul-2018 14:26 IA-64
Atmfd.dll 5.1.2.253 306,880 08-Jul-2018 14:55 x86
Atmlib.dll 5.1.2.253 34,304 08-Jul-2018 14:49 x86
Dciman32.dll 6.0.6002.24441 10,240 08-Jul-2018 14:49 x86
Fontsub.dll 6.0.6002.24441 73,728 08-Jul-2018 14:49 x86
Lpk.dll 6.0.6002.24441 23,552 08-Jul-2018 14:49 x86
T2embed.dll 6.0.6002.24441 159,744 08-Jul-2018 14:49 x86
Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 file information

For all supported x86-based versions

File name File version File size Date Time Platform SP requirement Service branch
Fontsub.dll 5.1.2600.7535 82,432 09-Jul-2018 20:16 x86 SP3 SP3QFE
T2embed.dll 5.1.2600.7535 122,880 09-Jul-2018 20:16 x86 SP3 SP3QFE
Updspapi.dll 6.3.13.0 382,840 01-Feb-2018 21:28 x86 None Not applicable

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.202

Percentile

96.4%