Microsoft on Monday released a patch that the computer giant termed “critical” for all Windows systems, because it resolves a vulnerability that Microsoft said could allow an attacker to take “complete control” of one’s system.
The security update tweaks how the Windows Adobe Type Manager Library handles OpenType fonts.
“An attacker who successfully exploited this vulnerability could take complete control of the affected system,” the company said in its security bulletin. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
Microsoft said it had information that the vulnerability was public but did not have any information about whether any users had been attacked in this manner.
Among those who could be affected are those who use Windows Vista, Windows 2008, Windows 7, Windows 8, Windows 8.1, Windows Server 2012, Windows RT, and Windows RT 8.1. A Microsoft spokesperson told ZDNet that Windows 10 Insider Preview also features this vulnerability.
More from Microsoft in its security bulletin:
“The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically. Customers who have not enabled automatic updating, or who install updates manually, can use the links in the Affected Software section [of the security bulletin] to download and install the update.”