Security researchers from Google’s Project Zero and FireEye reported a ‘fatal’ flaw in Windows earlier. The flaw affected all supported version of Windows including Windows Vista, Windows 7, 8, 8.1 and Windows RT (Windows Server 2008 and later inclusive).
Microsoft released a rather untimely patch in the form of a software update to deal with this flaw on Monday. The “critical”-rated software update lands almost a week after its scheduled Patch Tuesday where the company typically issues security fixes.
The problem in itself was quite simple. According to the software giant, in an advisory on Monday, the vulnerability if exploited, could “allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.”
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the advisory added.
This means that the flaw is actually in the way Windows handles certain fonts and if exploited, could lead hackers to gain access to a complete system. Though no reported cases of security breaches through this method have, as of yet, been reported.
The patch is now available for all supported versions of Windows over typical update methods, including Windows Update.