Microsoft on Monday issued an emergency update for all supported versions of its Windows operating system, fixing a critical remote code execution vulnerability that hackers could exploit to infect computers with malware and take complete control of the affected system.
The critical flaw (CVE-2015-2426) resides in the way the Windows Adobe Type Manager Library handles specially crafted Microsoft OpenType fonts. It affects all supported versions of the Windows operating system, including Windows Vista, Windows 7, Windows 8 and 8.1, and Windows RT, representing two out of every three of the 1.5 billion PCs running Windows around the world.
An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
If it is not possible for you to quickly roll out the patch across your organization, you can read the Microsoft Security advisory.
There will be no update for Windows XP and Windows Server 2003, as they are no longer supported by Microsoft. If you use either of the two, it's time to upgrade.
Source: CNET