Microsoft has just released an emergency patch for a recently discovered security vulnerability that could give hackers access to your computer if you open documents or websites that use certain embedded OpenType fonts.

The scope is massive. It could potentially affect nearly all computers running any version of Windows, from Vista to the current preview build of Windows 10.

According to a security advisory published by Microsoft, the vulnerability could “allow remote code execution if a user opens a specially crafted document or visits an un-trusted webpage that contains embedded OpenType fonts.”

The Windows Adobe Type Manager Library “improperly handles” certain OpenType fonts, which results in a remote code execution vulnerability. If it is exploited, an attacker “could take complete control of the affected system,” including installing programs, controlling and removing data, and creating new accounts with full user rights.

The security update fixes the vulnerability by changing how the Windows Adobe Type Manager Library handles OpenType fonts.

OpenType is an open source, scalable font software developed by Adobe. Because the fonts are cross-platform compatible and available for free, many web designers use the software in developing websites.

Currently, there is no official information that an actual attack has taken place via this vulnerability. However, Engadget notes, “claims are circulating” that this security update fixes an exploit that was discovered by an Italian company named “Hacking Team” in early July.

The most important thing to do right now is check for updates from Microsoft on all of your computers and mobile devices.

10 replies on “Microsoft releases ‘critical’ rated security updated to fix exploit on all Windows devices”

    1. Probably, they just won’t release a patch for it since it’s not supported anymore.

      1. I understand XP is unsupported, but my question asked if it is affected…

        1. Last thing I saw said “All versions of Windows from XP up to 8.1 are reported to be affected, in both 32 and 64-bit variants.”

    2. I’m curious about this too, because I do have one box still running XP. hmmmm…

  1. It’s mind-boggling that such a simple thing like displaying a font (no matter how well “crafted” it is within a doc or html file) could open the most serious type of security hole. This isn’t a simple bug.

    I’m suggesting that within Windows itself there are engines designed to allow remote execution and other backdoor mechanisms. This issue will be the first of many that will accidentally trip embedded backdoors.

    Before anyone accuses me of ‘conspiracy this or tinfoil that’, look up Windows backdoors and similar (I’m currently on cell phone).

    1. like ip6 remote connections, running despite a closed windows firewall …. yep, in every new version more of such hidden cheese holes.

    2. I don’t believe it is, font rendering is a lot more complex than it looks, many layers of interpretation (think of TrueType as a tiny Flash language with a VM). Back in the days they didn’t think rendering would be a real attack surface, it’s easy to dismiss as opposed to network components, etc, etc

      My 2 cents.
