BankInfoSecurity
Compliance
Compliance
Twitter
Get Permission
Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team.
Hackers can exploit the flaw to wage web-based attacks, Microsoft says.
"In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability," the company says.
Hackers likely would spread links to malicious websites via phishing emails or Instant Messenger, according to Microsoft.