Windows had a flaw in its system that had allowed remote access and code execution. Microsoft has acted on this and released on Monday an update centering this very issue and it is a good idea to update now.
What was the vulnerability?
If anyone were to attack your system and became successful by exploiting this specific vulnerability then they would be able to install programs, delete, change, or view data, as well as create user accounts with full user rights.
The vulnerability in the system was stumbled upon by Google’s project zero researchers and by people at FireEye.
Microsoft’s update will fix this issue and will be supported by all versions of Windows that are currently available.
As of now there hasn’t been any news about the seriousness of this flaw. There are not many known cases, but from Microsoft’s post it seems quite serious.
“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted web page that contains embedded OpenType fonts.”
“The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
One type, as mentioned in their post, is basically a format used to scale fonts and was developed in joint collaboration from Adobe and Microsoft.
The font is available for free which becomes a reason for many web designers to use it; hence attracting a lot of hackers.
At the moment, Microsoft is ensuring that the law hasn’t been exploited and to be on the safe side get the latest update.
If auto-update is not enabled the update will not download, so turn on auto-update on your PC. Besides from the aforementioned issue, the update will also include minor non-security improvements for the Windows 10.