added 981 characters in body
LSerni
  1. Replace the two fonts with suitable alternatives in all affected programs. Segoe UI and Consolas work for me (I've also heard good things of a free font called Inconsolata). For some browsers, it is possible to set up a font replacement via plugins or settings. Wait for the fixed fonts to come up. Ideally, it shouldn't take long. In the interim, the PC is protected against a "font attack". RECOMMENDED.

  • To fix Firefox: locate the userContent.css file in your Firefox profile. If there is no such file, locate the AppData\Mozilla\Firefox\Profiles\RANDOM_STRING\chrome directory and create a file called userContent.css. In this file place (or add if it already exists):

    @font-face { font-family: 'Arial'; src: local('Segoe UI'); }
    @font-face { font-family: 'Courier New'; src: local('Consolas'); }
    @font-face { font-family: 'Times New Roman'; src: local('Linux Libertine'); }

(Of course the "local" fonts must be installed!).

  2. Uninstall the KB3013455 fix (and remain vulnerable). Except maybe you can't.

Update: things "fixing/updating" XP you may have to thank for the Arial/Courier/Times mess

This is a list of possible causes of more or less silent update(s) to an end-of-lifed XP:

  1. The "WEPOS" registry hack.
  2. Something related to McAfee (reported by @rboblenz). I've found some articles relating to an "unability to update XP", which would seem to imply that McAfee has some ability of updating XP, but nothing clearly stated on their site. Even so, if you have a McAfee product, that might be the explanation.
  3. A couple of tools that allow(ed) to have a pirated copy of XP and keep it updated and, apparently, keep it updated after EOL downloading updates from... somewhere. (And who wouldn't feel comfortable in trusting their data - bank account credentials possibly included - to such solutions? After all, what's the worst that might happen?)

added 360 characters in body

So quite correctly KB3013455 fixes this, adding several more checks; and naughty fonts can no longer do anything.

Except that... what would happen if some system fonts failed those same checks, or contained information that was slightly off, and nobody had ever realized it because the required checks and settings were never put in place?

It would happen that those slightly and unintentionally naughty fonts, and no others, would suddenly start misbehaving -- reporting to the system sizes and hints that were never reported before. And they would look slightly bad - Arial - or almost unreadable - Courier New.

Until a new fix supplied a "properly behaved" version of both sets of font files (there's eight of them, I think - normal, italic, bold, and bold italic, two each).

That's what happened.

Until the new fix, the choice is:

  1. Replace the two fonts with suitable alternatives in all affected programs. Segoe UI and Consolas work for me (I've also heard good things of a free font called Inconsolata). For some browsers, it is possible to set up a font replacement via plugins or settings. Wait for the fixed fonts to come up. Ideally, it shouldn't take long. In the interim, the PC is protected against a "font attack". RECOMMENDED.

  2. Uninstall the KB3013455 fix (and remain vulnerable). Except maybe you can't.
