Several days ago we reported that a nasty new Windows bug had been found. It is particularly nasty for two reasons – it involves a previously unknown exploit, and it may be the brainchild of the same group that developed Stuxnet.

Now, Microsoft has released a temporary fix. The fix is not a patch, but rather a workaround that involves using the command prompt to disable access to T2EMBED.DLL. Alternatively, users can have this taken care of automatically with the Microsoft Fit It utility.

Microsoft warns that using the workaround will cause embedded font technology to no longer work correctly. Applications that use it will “fail to display properly”. Microsoft does not elaborate, but this most likely means embedded fonts will not appear and instead be replaced by a default font. Webpages sometimes use font embedding to allow users to view web text in a font that’s not installed on the user’s computer, for example.

While the workaround does provide temporary protection, a patch is being developed to close the exploit and allow for safe use of embedded fonts. It will be release automatically via Windows Update once it becomes available. No release date has been promised.

For our readers at home, our original advice – don’t open Word documents found in emails – is a perfectly adequate solution. Businesses with multiple computers, however, would be wise to use this fix.

Source: The Guardian, Microsoft Security TechCenter