Microsoft has today released a critical out-of-band security update for all supported versions of Windows, addressing a serious flaw that could potentially lead to remote code execution on unpatched systems.
The update resolves a vulnerability surrounding OpenType fonts. Without the update installed, if a user opens a "specially crafted" document or visits a dodgy webpage that contains embedded OpenType fonts, an attacker could remotely execute code on the victim's system.
Microsoft says the security update "addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts". The company has graded the severity of the exploit as "critical" and says that exploitation is "more likely" to occur, although no exploits have been detected in the wild yet.
Considering this security update has not been bundled with Microsoft's next Patch Tuesday release, it's probably a good idea to head into Windows Update and download the patch right away. If you have automatic updates installed (as you should have on your system), this process will be taken care of for you.
The update is available for all supported version of Windows: Vista, 7, 8 and 8.1, Server 2008 and 2008 R2, Server 2012 and 2012 R2, and even RT 8.1
.