14 DAY TRIAL // Testers running Windows 7 Service Pack 1 Release Candidate need to download a patch from Microsoft and update their copies of the operating system.
On February 8th, 2011, the Redmond company released, Microsoft Security Bulletin MS11-007 designed to patch a vulnerability the OpenType Compact Font Format (CFF) Driver.
This particular security flaw also impacts Windows 7 SP1 RC, and considering the fact that it has been rated Critical because it allows for remote code execution in the eventuality of a successful exploit, users are advised to upgrade as soon as possible.
“This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow remote code execution if a user views content rendered in a specially crafted CFF font.
“In all cases, an attacker would have no way to force users to view the specially crafted content. Instead, an attacker would have to convince users to visit a Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site,” Microsoft explained.
Both Windows 7 SP1 RC and Windows Server 2008 R2 SP1 RC are affected, so early adopters running the two pre-release versions of the platforms need to grab the patch as soon as possible and plug the Windows OpenType Compact Font Format (CFF) driver hole.
I have included the download links for the security updates designed to fix the vulnerability for Windows 7 SP1 RC and Windows Server 2008 R2 SP1 RC, and users will be able to find them at the bottom of this article.
While Microsoft might indeed be very close to offering Windows 7 SP1 RTM to customers, testers running the RC version of the upgrade should make sure to deploy the security update as soon as possible.
According to reports, the software giant plans to release Windows 7 SP1 RTM to MSDN and TechNet subscribers next week, and to the public on February 22nd.
Security Update for Windows 7 Service Pack 1 Release Candidate for x64-based Systems (KB2485376) download here
Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate x64 Edition (KB2485376) download here
Security Update for Windows 7 Service Pack 1 Release Candidate (KB2485376) download here
Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate for Itanium-based Systems (KB2485376) download here