Microsoft has released a fix for a critical security flaw that impacts all versions of the operating system from Windows 7 through to the most recent beta release of Windows 10. According to CNet, the flaw came to light as a result of the Hacker Team leak that led to the discovery of a critical vulnerability in Adobe Flash earlier this month.
"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts," Microsoft said in a security bulletin posted yesterday. "An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
The ability to execute code from remote could be enabled by opening a "specially crafted document," or even by simply visiting a web page with embedded OpenType fonts. Fortunately, while the information is out in the public, Microsoft said it has no evidence that it's ever actually been used in an attack. Also fortunate is that Windows users with automatic updates enabled won't have to do anything, as the fix will be downloaded and installed automatically.
The rest of you will have to be a bit more hands-on if you want to dodge this particular bullet, however. Find out what you need to do (and dig into whatever other details you find interesting) at Microsoft's Security TechCenter.
