Yesterday, I wrote Windows Update KB2753842 Will Make Some Fonts Stop Working. It was important to get this written and posted as soon as possible because I knew a large number of users of graphic software were finding that all of a sudden some of their fonts had stopped working. At that time, I only knew that users of CorelDRAW and QuarkXpress were having this issues. I feared other software would soon be added to that list and it has indeed happened.
This problem also will strike users of Adobe Flash, Serif PagePlus, FlexiSign, Microsoft Excel and Microsoft PowerPoint. Look at that list again as it breaks Microsoft’s own products! I fear the list will continue to grow.
Let’s go over this problem in a little more technical detail. When software needs to get the curves of a glyph (character) from a font, it uses an API (application programming interface) call in Windows called GetGlyphOutline(). Suffice it to say, this is an official feature of Windows that Microsoft wants developers to use for this purpose. When the KB2753842 update is installed, this function fails to return a memory size and therefore the font will not work correctly.
The problem only seems to occur with OpenType fonts containing PostScript outlines. As OpenType fonts can also contain TrueType data, you may have some OpenType fonts that work and some that don’t. While this patch was designed to stop remote code execution from a rogue font, it has stopped thousands of very legitimate fonts from working. Programmers from the various software companies have verified the problem is caused by this update and reported it to Microsoft. Microsoft is very aware of this problem and they know it affects their own software.
Some of the comments on my original post thanked me for explaining how to make fonts start working again and others claimed I was giving reckless advice in telling users to uninstall this update. So I will give you the two options you face and you can decide which is the correct path for you to take.
- You can leave the patch installed and it claims to protect you against having a remote code execution run on your machine if you should go to a Web site using a maliciously-designed font. This rogue font may also be something you downloaded and installed and it would likely be a “free” font. But by leaving the patch installed, you will not be able to use OpenType fonts with PostScript outlines in the programs listed above (and maybe more). While there is no doubt such a rogue font exists, I’d never heard of one prior to this patch being released.
- Alternatively you can uninstall the patch. Should you do this, your system is vulnerable should you come across one of the rogue fonts. Note that you were also just as vulnerable before the patch was released. The good news is that you will be able to use your OpenType fonts with PostScript outlines
In the last 24 hours, I have heard from many designers who had lost a day or more of work. Some of them missed deadlines because their fonts weren’t working and others were barely able to deliver projects in time after getting this update uninstalled. To me, the ability to produce paying work easily outweighs the very small risk of encountering a rogue font.
Will Microsoft Fix It?
While Microsoft has not officially commented yet, there is no doubt in my mind that they will fix it. Remember, it is breaking the software (Microsoft Office) that brings them billions of dollars each year! The fix may be as simple as recalling the update so it can no longer be installed. It is also quite possible they will develop a different update that doesn’t cause the problem. I only hope they test any future updates before they are released!
The Evils of Automatic Updates
Many users had this update installed automatically. Others were given a list of available updates and chose to install it without knowing it would cause so many problems. While updates that causes problems are the exception, this is a great example of why you may not want them automatically installed. Even waiting a few days to install an update can help you determine if it is safe to proceed. While this problematic update is definitely not the fault of Corel, it is the possibility of automatic updates causing problems that make me disagree with Corel’s new Terms of Service. One of the terms I pointed out says you have to install the updates Corel provides. What if you knew one of the updates caused a problem? The terms say you have to install it anyways. The terms later say Corel can’t be held liable for any problems caused.
The Power of SEO
Loyal readers will know that one of the topics covered in previous Graphics Unleashed posts is Search Engine Optimization. We’ve received comments on those posts claiming that SEO doesn’t really work. For my original post on the problematic Windows Update KB2753842, it most definitely did work. After 12 hours, the post was #4 on Google if you searched for “KB2753842” and it had moved to #1 in less than 24 hours.
One of the keys is to follow Google’s advice about creating quality content designed for humans and not the search engine robots. The post did include the key word in the title and in the body of the post. Social media also helped raised the page in the rankings as the key word was part of Twitter, Google+ and Facebook posts. Was there some luck involved in getting it to #1 so quickly? Absolutely. Is this a really competitive keyword? No, it isn’t. Then again, our page ranks higher than Microsoft for the term and it is their update.
I just want everyone to understand that if you design quality content with SEO in mind, your pages can climb to the top of the search engines. Maybe not the top spot, but at least the first page. It is much more difficult to do on very competitive terms, but it can be done. Thinking about SEO as you are creating content is definitely very important and isn’t difficult to do.
12/15/2012 Update: Windows XP users have trouble finding and uninstalling this update should read a new post labeled Removing Windows Update KB2753842 On Windows XP.