Microsoft has issued a security patch outside of its regular “Patch Tuesday” releases in an effort to thwart a serious vulnerability.
The security flaw enables attackers to remotely access your PC and affects all currently supported versions of Windows, ranging from Vista to Windows 8.1.
The vulnerability has been named “CVW-2015-2426” and has been given the highest possible security rating of critical. It was initially discovered by security researchers Genwei Jiang of FireEye and Google Project Zero’s Mateusz Jurczyk. Microsoft has issued an advisory warning users of how the vulnerability could be exploited.
“A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts,” the advisory states. “An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft adds that a cyber-attacker could exploit the vulnerability by convincing potential victims to open a specially created document or visit a compromised webpage. It is worth noting, however, that there have been no reports of any successful exploits thus far. However, the source code in which the vulnerability was discovered has been available online since 6 July, so it’s certainly worth downloading the security patch as soon as possible. Windows users that sign up for automatic updates will not have to manually download the patch.
With the next version of Microsoft’s operating system, Windows 10, due for commercial release in a week’s time, the Redmond-based firm will be keen to avoid any high-profile security issues. Although some versions of the Windows 10 Insider Preview were susceptible to the recently discovered exploit, the final build contains the necessary security patch.