It is rare for Microsoft to issue updates outside of its usual predefined monthly update cycles, affectionately known as “Patch Tuesday”. In this instance, the company has taken exception to ensure that its users are protected against a “critical” vulnerability that is one of the most severe bugs to have been found in Windows for some time.
The BBC reports that the issue was found in code that handles OpenType font files in Windows. It was found by security researchers at companies including Trend Micro, FireEye and Google and could affect people running Windows Vista, RT, 7, 8, 8.1 and 10 Preview, as well as Windows Server 2008 and 2012.
The patch has been available for a couple of days and follows another update less than a week ago that fixed a different vulnerability in Windows’ font handling systems. If exploited by hackers, the bug could have been used to “take complete control” of a system. It could allow for remote code execution, potentially allowing hackers to steal data or install their own software onto a computer.
The Microsoft security advisory associated with the fix says that there is no evidence that the vulnerability has been exploited by attackers despite the widespread media coverage. Installing the update will close the vulnerability and keep affected systems protected in the future.
The severity of the issue means that most computers will have already automatically installed the update if Windows Update is operating on its recommended settings. If you’re not sure if the update has been installed and run one of the affected Windows versions, you should check for updates in Windows Update and install anything listed as “critical” or “important.”
