A previously undisclosed security flaw in all supported versions of Windows Operating Systems has been confirmed by Microsoft. They further confirmed that no patch for the vulnerability will be available until the next scheduled patch on April 14th.
The security flaw which Microsoft has assigned it’s highest severity ranking of “Critical” utilizes a weakness in the way Windows renders fonts.
The flaw can be exploited by tricking the target into opening a malicious document. Once the document is opened, or even viewed in Windows Preview it allows an attacker to remotely run malware on the compromised device.
The advisory states that Microsoft are aware of a limited number of attacks that utilized the vulnerability but did not give details on the scale of these attacks of where they originated from.
Microsoft said that the patch will cover all “in support” versions of Windows. Windows 7 users will not be covered, even though it is one of the versions at risk, except for enterprise users with extended security support.
A workaround to disable the fonts until the patch is released can be found here.