Heads up, Windows users. Microsoft on Monday released an emergency patch for a security hole linked to the now infamous Hacking Team breach.
The security flaw could allow an attacker to take full control of your system if you open a specially crafted document or visit a booby-trapped webpage that contains embedded OpenType fonts, Redmond said in its advisory. The vulnerability is rated Critical—Microsoft's highest vulnerability severity rating, reserved for flaws that could allow code execution without user interaction—for all supported versions of Windows.
"Exploitation of this vulnerability may allow a remote attacker to take control of an affected system," according to a Monday advisory from the U.S. Computer Emergency Readiness Team. The attacker would then be able to install programs; view, change, or delete data; and create new accounts with full user rights.
Microsoft says the vulnerability is "public," but there's no indication that attackers have actually taken advantage of it. In a statement to Engadget, the software giant confirmed reports that the flaw is linked to the Hacking Team breach, and reiterated that it is "not aware of any active attacks" right now.
The security flaw could allow an attacker to take full control of your system if you open a specially crafted document or visit a booby-trapped webpage that contains embedded OpenType fonts, Redmond said in its advisory. The vulnerability is rated Critical—Microsoft's highest vulnerability severity rating, reserved for flaws that could allow code execution without user interaction—for all supported versions of Windows.
"Exploitation of this vulnerability may allow a remote attacker to take control of an affected system," according to a Monday advisory from the U.S. Computer Emergency Readiness Team. The attacker would then be able to install programs; view, change, or delete data; and create new accounts with full user rights.
Microsoft says the vulnerability is "public," but there's no indication that attackers have actually taken advantage of it. In a statement to Engadget, the software giant confirmed reports that the flaw is linked to the Hacking Team breach, and reiterated that it is "not aware of any active attacks" right now.