If you’re on Windows, it’s time for an update. There’s an out-of-band update for all currently supported versions of Windows that patches a flaw allowing remote access and code execution.
While we don’t know how many have been affected by the flaw, it is serious. From Microsoft’s security update post:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.
The post goes on to say “the security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.”
OpenType is a format for scalable fonts, and was developed by Adobe and Microsoft. The fonts are available for free, making them attractive for Web designers to use and hackers to target.