Security firm FireEye has claimed the credit for finding the bug, explaining that it picked it up while trawling through documents released from the hack on the infamous Hacking Team operation.
Microsoft today disclosed a security vulnerability that could lead to remote code execution – someone taking unwanted control over a PC or server – affecting several versions of Windows.
Microsoft says there’s no evidence of the vulnerability being exploited as yet, but now its existence is out in the open, Windows users should update their software as soon as possible.
The relatively short period between the launch of Windows 10 on July 29 and the planned update will allow Microsoft to correct any major performance issues fairly quickly.
The Windows Adobe Type Manager Library “improperly handles” certain OpenType fonts, which trigger a remote code execution vulnerability.
When Hacking Team’s server was breached and gigabytes of the company’s internal data made public, it was bad news for everyone.
If you want to get a headstart on the upgrade process, you should “reserve” your download.
If you’ve got automatic updates enabled, the patch should come through automatically.
Microsoft says that it has information that the vulnerability and its exploitation are known in the wild, although it has not heard of any active exploits yet. The company last issued an emergency patch like this in November 2014. It already brought Windows 8.1 to the Surface RT and Surface 2, and a substantial update expected in September is meting swift compromise to the remaining user base. Microsoft delivers security patches every second Tuesday of the month (hence the name Patch Tuesday). The new operating system will feature new protective features and technology like Device Guard and Windows Hello, which is a new biometric security system.
There are multiple ways an attacker could exploit the vulnerability, mostly via social engineering.