I have experienced this on 2 of my machines now:
Read:
http://www.thomasphinney.com/2012/12...ecurity-patch/
Windows security patch KB2753842 kills OpenType / PostScript font support in many apps
Is it Fontmageddon? For users who need fonts and use specific applications (see below), Windows security update KB2753842 of Dec 11, 2012, may cause more harm than good.
One suspects Microsoft may come up with a less problematic version of the update, but until then, be careful. Also, check back: I will update this post with more news as I get more details, particularly on affected apps.
WHAT IT DOES
(1) installing this update breaks some very small number of fonts at the system level and for all apps, including potentially malicious fonts, BUT ALSO….
(2) for certain apps text set in all PostScript Type 1 (.pfb/.pfm) and OpenType CFF (.oft) fonts becomes invisible. This can even affect font menus when the app has a WYSIWYG font menu.
FIXING THE PROBLEM
First, don’t install the patch. If you have, see below for how to uninstall it.
If you have already installed the patch from Microsoft, you may need to uninstall it.
In Windows 7 it’s under Add/Remove programs.
For Windows Vista, use this process
For WIndows XP, it looks like there are third party “update removers” that you can use. (It’s been so long now that I have forgotten if there’s an easy way to do it within the OS.)
If you have autoupdates enabled in Windows, you can “hide” (suppress) this particular update. Even if you are only doing manual updates, suppression might be wise so as not to install it by accident.
If your computer is part of a domain administered centrally by an IT team, you should alert them to this issue, so they can decide whether or not to roll out this update.
PROGRAMMER DETAILS
The apps that are especially affected are those that use the GetGlyphOutline() API to grab font outlines of PostScript fonts (both Type 1 pfb/pfm fonts, and OpenType CFF .otf fonts). With the patch, that API no longer returns the memory size needed to get the curves, but instead returns a bogus value of zero. This effectively renders the app unable to render the glyph on screen. At least, at 15 points and higher.
I gather there are other APIs apps can use, but that GetGlyphOutline() works all the way back to XP unlike the alternatives.
AFFECTED OS VERSIONS AND SOFTWARE
Data is still flowing in about app versions affected, I strongly suspect that in many more applications than those listed, “convert to curves” functions will fail or result in lost text. I also suspect that in most cases where a current version of an application is affected, so are older versions not listed. What I know now is that affected apps and OSes include:
Windows: All desktop and server versions of Windows from XP to Windows 8, it seems.
PowerPoint, but only in presentation mode (an especially dangerous failure, as a user might think things were fine… until they tried to do an actual presentation)
QuarkXPress 7, 8, 9.5 (but only affects fonts at 15 pts and larger)
CorelDRAW X3 to X6. Workaround: view in “draft” mode works because it does not use the problematic API.
Serif PagePlus
Adobe Flash (authoring at least, probably not the running of Flash apps?)
Flexi and SignLab (signmaking apps)
Avid Marquee (video titling)
Bentley MicroStation (CAD / information modeling)
The Secret World (Alternate Reality Game)
Inkscape (vector drawing)
Xara Designer Pro X (vector drawing) and possibly other Xara apps
MICROSOFT RESPONSE
The MS Knowledgebase article has a standard section for “known issues.” On Friday Dec 14, 2012, Microsoft updated it to read: “We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues.”
It is possible that the actual fix may involve Adobe, as they supply the PostScript Type 1 and OpenType CFF rasterizer code to Microsoft. TBD.
Bookmarks