Symantec has joined Microsoft in issuing a threat alert to Windows users to immediately instal a security patch to prevent hackers from taking control.
Microsoft issued an emergency alert on Monday (July 20) stating that vulnerability in Microsoft font driver could allow remote code execution allowing hackers to make serious modifications to the system such as install new programs, create user accounts with full administrative rights and even edit data.
The vulnerability can affect most edition of Windows, be it Windows Vista, Windows server 2008 and 2012, Windows 7 and Windows 8 and 8.1 among other versions.
Explaining the ‘OpenType Font Driver Vulnerability,’ Microsoft said, “A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
It further adds that an attacker could exploit this vulnerability by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts.
Microsoft says that at the time of issuing the alert it had information to indicate that this vulnerability was public but did not have any information to indicate this vulnerability had been used to attack customers.
The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Online security firm Symantec in an update to its customers urged them to instal the security update as attackers could be moving towards exploiting various computers.
“Given the nature of this vulnerability, it can be expected that attackers will move quickly to incorporate it into exploit kits to target Windows users who are slow to patch their software. Windows users are thus advised to update their computers immediately,” it said.