Skip to main content

Critical Windows security vulnerability discovered

Audio player loading…

Windows 10 Desktop

Microsoft has released a fix for a critical security flaw that impacts all versions of the operating system from Windows 7 through to the most recent beta release of Windows 10. According to CNet, the flaw came to light as a result of the Hacker Team leak that led to the discovery of a critical vulnerability in Adobe Flash earlier this month.

"A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts," Microsoft said in a security bulletin posted yesterday. "An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The ability to execute code from remote could be enabled by opening a "specially crafted document," or even by simply visiting a web page with embedded OpenType fonts. Fortunately, while the information is out in the public, Microsoft said it has no evidence that it's ever actually been used in an attack. Also fortunate is that Windows users with automatic updates enabled won't have to do anything, as the fix will be downloaded and installed automatically.

The rest of you will have to be a bit more hands-on if you want to dodge this particular bullet, however. Find out what you need to do (and dig into whatever other details you find interesting) at Microsoft's Security TechCenter.

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.