
Microsoft released an emergency patch for all versions of Windows earlier this week, including Windows 10 Insider Preview.

The patch, which was released outside of Microsoft’s regular Tuesday Windows update schedule, fixes a critical security flaw that potentially allows a remote attacker to take control of the victim’s machine.

The flaw is in the way the Windows Adobe Type Manager Library handles OpenType fonts. In practical terms, if someone running Windows visits a website that contains embedded OpenType fonts, or opens a specially crafted document, an attacker could execute code on that user's computer.

“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft wrote in a security bulletin.

The vulnerability affects Windows Vista, 7, 8, 8.1 and RT, as well as Windows Server 2008 and 2012. A Microsoft spokesperson told ZDNet that Windows 10 Insider Preview is also affected.

Windows users are advised to upgrade their PCs via Windows Update.

The patch comes weeks after the flaw was discovered by FireEye’s security experts, who are part of Google’s Project Zero team. The vulnerability was found in the documents released after the hacking of Italian security company Hacking Team.
