Microsoft pushes out emergency security update for Windows

Microsoft today rolled out an emergency security for Windows, addressing a vulnerability that allows hackers to remotely access unpatched computers.

Described as "critical", the vulnerability affects all supported versions of Windows; Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, and even the unreleased Windows 10. If exploited, the vulnerability would allowed hackers to take "complete control of the affected system".

Microsoft said that "an attacker could then install programs; view change or delete data; or create new accounts with full user rights."

While Microsoft had information to indicate the vulnerability was public, it does not believe that it has been used to attack customers.

The vulnerability itself exists in OpenType, a font format co-developed by Microsoft and Adobe. Using this, hackers could hijack unpatched systems through a specially crafted document, or via a malicious website that contains embedded OpenType fonts.

Users can download the patch via Windows Update. 

Leave a Reply