Microsoft today disclosed a security vulnerability that could lead to remote code execution — someone taking unwanted control over a PC or server — affecting several versions of Windows.
The security issue affects Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
“The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” Microsoft explained in its security bulletin on the disclosure. Adobe and Microsoft jointly work on the OpenType file format.
Patches for the vulnerability are available and will be rolled out to most Windows users who accept automatic updates. For those who don’t have that option turned on, Microsoft has several workarounds available.
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
Usually Microsoft comes out with fixes to security issues on Tuesdays — hence the term Patch Tuesday. This one’s falling on a Monday.
The news comes just a few days before Microsoft launches Windows 10 on July 29.
