BankInfoSecurity

Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users into visiting websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team. Hackers can exploit the flaw to wage web-based attacks, Microsoft says. "In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability," the company says. Hackers likely would spread links to malicious websites via phishing emails or Instant Messenger, according to Microsoft.