Microsoft has released an emergency patch to fix a “critical” bug present across almost all versions of Windows.
Google security researchers were among a team of experts who helped locate the vulnerability, and the loophole was so severe that Microsoft needed to release the patch outside of its normal monthly update.
The loophole gave would-be attackers the opportunity to take over the target computer and execute their own code on the system.
Microsoft stated in an advisory note that the bug was being discussed online, but that it had no information “to indicate this vulnerability had been used to attack customers”. Microsoft went on to suggest that attackers exploiting this loophole could take “complete control” of an affected system. Booby-trapped websites or malicious email attachments are examples of how attackers could trick Windows users into unwittingly opening the loophole.
Windows 7, 8 and RT as well as older versions (such as Vista, Server 2008 / 2012) have been found to contain the vulnerability.
This patch arrives less than a week after Microsoft closed another loophole in the same font-handling system. That particular loophole was uncovered following an attack on the Hacking Team, a security company based in Milan. Hundreds of megabytes of documents were stolen in the attack, which leaked information about software bugs that the company had been planning to exploit for its own benefit.