Microsoft has issued an emergency security update for its Windows operating systems. The update is to prevent hackers taking “complete control” of your computer system using a vulnerability relating to OpenType fonts. It’s serious stuff hence the emergency fix.
“A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft note that although the vulnerability was public they “did not have any information to indicate this vulnerability had been used to attack customers”. You should probably run Windows Update asap, however.
All supported versions of Windows are affected (Vista, 7, 8, 8.1 and RT as well as the test version of Windows 10). Older and other versions may also be vulnerable but are outside Microsoft’s support remit, so you’ll have to cast further afield to find a solution if you’re a die-hard XPer.
So, what to do?
If you have automatic updating switched on then you shouldn’t need to do anything because the fix will be installed as part of that process. If you take a manual approach and haven’t updated yet – or for any reason cannot – you can find instructions on how to patch the OS up yourself on the Affected Software bit of the bulletin.