Microsoft has rolled out an emergency patch for a security flaw present in all supported Windows versions, including even the Windows 10 Technical Preview. If exploited, the flaw will let hackers take remote control of the affected systems.
Redmond usually issues security updates once a month on ‘Patch Tuesday,’ but this out-of-routine update denotes how severe the security lapse was. The flaw was found in the parts of Windows that let the software handle some types of fonts.
“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft noted in its security bulletin on the disclosure.
“The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
According to Microsoft, the bug, when exploited, would let hackers easily plant new malicious programs; view, change, or delete data; or even create new accounts on the affected system with full user rights.
Redmond in its security bulletin noted that the vulnerability was already public when it issued the update, but that it “did not have any information to indicate this vulnerability had been used to attack customers”.
“Our analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability,” the software giant said.
The security issue affects almost every major version of Windows including Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
Windows users who have automatic updating enabled will have the update downloaded and installed automatically, while users who have not enabled automatic updating, or who install updates manually, can download the patch right away via Windows Update.
Note that neither Windows XP nor Windows Server 2003 is eligible for updates from Microsoft.