Microsoft has released an off-schedule update to patch a critical bug affecting all versions of Windows. The bug, if exploited, allows hackers to remotely execute malicious code on Windows computers.
A vulnerability was found in the way Windows Adobe Type Manager Library handles fonts that use Microsoft’s OpenType format. If exploited, it could give attackers full control over the system.
A remote execution initiates when one tries to open a specially crafted document, or visits a booby-trapped website that contains embedded OpenType fonts. This is followed by installation of programs, and manipulation of data on victim’s system. Furthermore, the attacker could create new accounts on the victim’s computer and provide them with full user rights.
The vulnerability affects Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2012. EvenWindows 10 preview builds are affected by this vulnerability. If you’re wondering,Windows XP and Windows Server 2003 are almost certainly affected too, but they aren’t eligible to snag further updates from Microsoft.
If your computer is set to receive updates automatically, you don’t have to worry about anything. If you aren’t sure, you can manually download the relevant patch for your operating system from the company’s website.
Microsoft delivers security patches every second Tuesday of the month (hence the name Patch Tuesday). This is only the second time this year since January, when it pushed out an “out-of-band” update.
Earlier this month, Microsoft issued a patch in which it squashed two vulnerabilities that became public in the aftermath of a mega security breach of the Hacking Team, an Italian hacker group.
Microsoft says that there is no evidence that today’s vulnerability has been exploited in the wild. It thanked security firm FireEye and over enthusiast hamsters at Google’s Project Zero.