Security researchers from Google’s Project Zero and FireEye have discovered a critical flaw in various versions of Windows, and Microsoft has released an emergency out-of-band patch to deal with the situation.
In a statement of advisory on Monday (July 20), Microsoft informed customers about the issue, warning that the vulnerability could “allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”
They continued, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Basically, if the vulnerability were exploited, you’d be inadvertently handing operational control of your computer over to a cybercriminal. The potential issues stemming from that are limitless, especially for businesses storing sensitive data on their machines.
Users working with Windows Vista, Windows 7, 8, 8.1 or Windows RT are all affected – that includes users running Windows Server 2008 or later. It should be noted that Microsoft has deemed the software update “critical” for those users. As of now, Microsoft says they believe the flaw is public, but they have no evidence to suggest it’s being actively exploited.
The patch is available now through any typical update methods, including Windows Update. For your protection, it’s crucial to make the update as soon as possible to prevent any issues with your system.