Skip to main content

Microsoft issues ‘critical’ security patch for all Windows versions

Microsoft has issued a security patch outside of its regular “Patch Tuesday” releases in an effort to thwart a serious vulnerability.

The security flaw enables attackers to remotely access your PC and affects all currently supported versions of Windows, ranging from Vista to Windows 8.1.

Read more: “Feeble” Microsoft enterprise security and virus protection rated the worst

The vulnerability has been named “CVW-2015-2426” and has been given the highest possible security rating of critical. It was initially discovered by security researchers Genwei Jiang of FireEye and Google Project Zero’s Mateusz Jurczyk. Microsoft has issued an advisory warning users of how the vulnerability could be exploited.

“A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts,” the advisory states (opens in new tab). “An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft adds that a cyber-attacker could exploit the vulnerability by convincing potential victims to open a specially created document or visit a compromised webpage. It is worth noting, however, that there have been no reports of any successful exploits thus far. However, the source code in which the vulnerability was discovered has been available online since 6 July, so it’s certainly worth downloading the security patch as soon as possible. Windows users that sign up for automatic updates will not have to manually download the patch.

Read more: Microsoft sends Windows 10 for manufacturing as launch date nears

With the next version of Microsoft’s operating system, Windows 10, due for commercial release in a week’s time, the Redmond-based firm will be keen to avoid any high-profile security issues. Although some versions of the Windows 10 Insider Preview were susceptible to the recently discovered exploit, the final build contains the necessary security patch.

Barclay has been writing about technology for a decade, starting out as a freelancer with IT Pro Portal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.