Microsoft has released security updates for all supported releases of Windows including Windows 7, Windows 8, Windows 8.1 and Windows Vista to address a critical OpenType font driver vulnerability (CVE-2015-2426). The vulnerability when successfully exploited, the remote code execution vulnerability can enable an attacker to take full control of the affected system, thus allowing an attacker to install programs, change or delete data, and create accounts with full user rights. There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts as described in the security bulletin of Microsoft.
Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street