The ISC just posted an out-of-band “PATCH NOW” security update change to improve security for OpenType font drivers.

https://isc.sans.edu/forums/diary/Special+Microsoft+Bulletin+Patching+Remote+Code+Execution+Flaw+in+OpenType+Font+Drivers/19941/

Microsoft just released a special “out of band” security bulletin with a patch for a remote code execution vulnerability in Windows’ OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in it’s bulletin, that it had information that the vulnerability was public, but had no indication that it was actively exploited. MS15-077 had been exploited at the time the MS15-077 bulletin was released last week. As a workaround, users may remove the font driver, but this may cause applications that rely on it to not be able to display certain fonts.