Microsoft has released an emergency out-of-band patch for a critical flaw, affecting all supported versions of Windows.
The software giant said in an advisory Monday that the vulnerability, if exploited, could “allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”
Microsoft issues 14 security fixes in July’s Patch Tuesday
Microsoft’s monthly release of patches includes security fixes for dozens of vulnerabilities.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory added.
In other words, a previously undisclosed flaw in the way Windows handles certain fonts can allow a hacker to take over an entire machine.
Users running Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later. A Microsoft spokesperson confirmed in an emailed statement that Windows 10 Insider Preview is also affected.
The “critical”-rated software update lands almost a week after its scheduled Patch Tuesday where it typically issues security fixes. Microsoft said it believed the flaw was public but did not have any evidence to suggest it was being actively exploited.
The patch is available over Windows Update.
Security researchers from Google’s Project Zero and FireEye were credited with finding the flaw.
Microsoft releases emergency patch for all versions of Windows | ZDNet
