All supported versions of Windows are affected

Jul 21, 2015 05:34 GMT

Microsoft has just released an out-of-band security patch for Windows that’s supposed to fix a critical flaw in the operating system, which could allow remote code execution and expose user data.

According to the security bulletin page updated today, MS15-078 is now being shipped to computers running absolutely any Windows version, starting with Vista and ending with Windows 8.1 and Windows RT 8.1. Windows 10 users running preview builds are protected, as Microsoft has apparently already patched the hole silently.

Microsoft says that there’s a problem in the font driver that could allow remote code execution, which basically means that attackers could get the same privileges as the logged-in user. In other words, the attacker can do the same things you can on your computer, so if you’re an administrator, imagine what could happen.

Hacking Team leak

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft explains.

The patch is delivered via Windows Update, and since it’s rated as critical, everyone is highly recommended to install it as soon as possible to make sure that their computers are protected.

The zero-day flaw was found in the Hacking Team leak, and one of the reasons Microsoft rushed to fix it is the imminent launch of Windows 10 taking place next week, when a significant number of users are expected to benefit from the free upgrade to the new OS from their Windows 7 or 8.1 PCs.

Until you have patched all the computers in your organization, make sure that users avoid opening suspicious documents containing malformed OpenType fonts. As a general recommendation, it’s better to avoid clicking on links and opening documents that come from unknown sources, especially if your computer is not up to date and you’re not running antivirus software.