Stinky, Aged Operating System? It’s that time of the month again - Microsoft patch Tuesday of course! This month I expected to research several different vulnerabilities, how they work, methods to detect them, etc. However, Microsoft is only patching one vulnerability this month. I can’t believe there is only one vulnerability this month! In any case, this month's vulnerability occurs in the way applications handle Embedded OpenType fonts . I was a bit puzzled as to why so much effort was going into font rendering until I discovered that it is common for web sites to implement different languages and have them display correctly to the end user (primarily for “non-English” languages). The vulnerability is triggered when a user renders fonts on a web page or by opening a Microsoft Office document that contains embedded fonts. An interesting fact about this bulletin (which only covers one CVE entry, CVE-2010-0018 ) is: "This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2."