Microsoft released a patch today, which is January's "Patch Tuesday", for a vulnerability in the way Windows handles fonts embedded in a webpage. The vulnerability could allow a malicious webpage developer, or someone who has compromised a website, to install an embedded font on a webpage such that when a user views the webpage the user's system could be compromised, potentially even allowing a remote attacker to take complete control of the user's PC.
[ More Info ]
