‘Critical’ Patch Issued by Microsoft for Hacking Team Bug

A critical emergency patch has been released by Microsoft to plug a security hole that’s related to the recent Hacking Team breach. The software giant has confirmed that the patch is issued in response to vulnerabilities revealed by the Hacking Team breach. The company isn’t taking any chances, even though it is “not aware of any active attacks”, Engadget reports.

All in time for the big release of Windows 10

The next big upgrade of Microsoft’s flagship operating system is due in a few weeks, with Windows 10. The Redmond-based software firm will hope to avoid any high-profile security concerns leading up to the release.

PC users are currently being sent a critical security update that patches a vulnerability that could potentially allow an attacker to take complete administrative control of a Windows machine if a specific document is opened. The exploit could also be triggered if an unsuspecting user visits a malicious webpage containing OpenType fonts.

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts,” said Microsoft in a security bulletin before pushing out the patch.

The patch is to address a specific vulnerability in the way Windows Adobe Type Manager Library handles OpenType fonts, according to the company.

It is worth noting that the source code which contains the vulnerability was originally discovered on 6 July and has been floating around on the internet ever since. PC users are advised to download the security patch immediately if automatic updating isn’t enabled. Windows machines with enabled automatic updating needn’t take any action.

“This security update is rated Critical for all supported releases of Microsoft Windows,” Microsoft added.

Instructions to download the patch manually and complete security advisory can be found here.