In the wake of a critical Remote Code Execution vulnerability in all supported versions of its operating system platform, Microsoft has just issued an emergency fix.
Yes, it’s time to patch your Windows operating system against an alarming security hole that could allow remote attackers to run malicious code on your computer, thereby taking "complete control of the affected system."
The critical flaw (CVE-2015-2426), which affects all the supported versions of Windows operating system, resides in the way Windows Adobe Type Manager Library handles specially crafted Microsoft's OpenType fonts.
Once exploited, the vulnerability could allow hackers to execute remotely malicious code on victims’ computer if they open a specially crafted document or visit an untrusted web page that contains embedded OpenType fonts.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in an advisory published Monday, releasing an Out-of-Band Patch to resolve the issue.
Microsoft’s operating system including Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected by the critical vulnerability, along with those running Windows Server 2008 and later. Not just this, the flaw also affects Windows 10 Insider Preview.
So far, there are no such indications that the flaw is being actively exploited by the hackers in the wild. But, the chances of exploitation of the vulnerability are now high; so users are advised to update their systems using Windows Update as soon as possible.
Security researchers Mateusz Jurczyk of Google Project Zero, and Genwei Jiang of FireEye were credited by Microsoft for finding the flaw.