Microsoft has just launched an emergency patch for a recently discovered security breach that can give access of your computer to hackers if you open documents or websties that use certain embedded OpenType fonts.
The breach is massive. It could potentially affect nearly all computers running any version of Windows ranging from Vista to the current preview build of Windows 10.
According to a security advisory published by Microsoft, the vulnerability could “allow remote code execution if a user opens a specially crafted document or visits an un-trusted webpage that contains embedded OpenType fonts.”
The Windows Adobe Type Manager Library “improperly handles” certain OpenType fonts, which trigger a remote code execution vulnerability. When that happens, an attacker “could take complete control of the affected system,” including installing programs, controlling and removing data, and creating new accounts with full user rights.
The security update fixes the vulnerability by changing how the Windows Adobe Type Manager controls fonts coming through from OpenType.
OpenType is an open source, scalable font software developed by Adobe. Because the fonts are cross-platform compatible and available for free, many web designers use the software in developing websites.
Currently, there is no official information that an actual attack has taken place via this vulnerability. However, Engadget notes, “claims are circulating” that this security update fixes an exploit that was discovered by an Italian company named “Hacking Team” in early July.
The most important thing to do right now is check for updates from Microsoft on all of your computers and mobile devices.