Merely loading a Web page doesn't sound like something that should be able to get users in trouble. But thanks to leaked memos from the spyware developers known as Hacking Team, we now know better.
By opening a document or website that has a malicious OpenType file embedded in it, your system could be completely taken over by a hacker. Fortunately, Microsoft has released an emergency patch to fix this gaping vulnerability.
The flaw is found in all supported versions of Windows, from Vista to 8.1, and exists because of how the Windows Adobe Type Manager Library interacts with OpenType fonts. (It's likely that Windows XP is vulnerable too, but most of its users won't get a patch.)
In a security advisory, Microsoft explained "that this vulnerability was public" but noted that the company "did not have any information to indicate this vulnerability had been used to attack customers."
The patch is formally called Security Update KB3079904, and Microsoft regards it as so important that the company released it without waiting for the next Patch Tuesday monthly software update on Aug. 11. It's the third Microsoft patch for previously unknown exploits detailed in the Hacking Team document leak; Adobe Systems has also issued three Flash Player patches related to the Hacking Team files.
How To Get Windows Security Update KB3079904
1. Click on the Windows button. (In Windows 8, right-click on the Windows button and select Control Panel, and skip to step 3.)
2. Select Control Panel.
3. Click Windows Update after scrolling down.
4. Click on the number of updates that are available. You'll need to confirm that the necessary update will be installed.
5. Make sure the box for the KB3079904 Security Update for Windows is checked and click OK.
6. Select Install updates.
The updates will download.
6. Select Restart now to install the updates, after saving all open files.
- How To Get Windows 10 For Free
- Best Antivirus Protection for PC, Mac and Android
- Mobile Security Guide: Everything You Need to Know