According to Microsoft: “This security update resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts.” The Microsoft Security advisory site provides additional details: Microsoft says it’s not aware of any customers being attacked yet, but because it released this patch today, the company appears to feel it’s potentially a serious problem.

If you’re an IT admin, read the Microsoft Security advisory page for details about workarounds you can use if it’s not possible to roll out the patch throughout your company system. Remember, if you’re still running XP for some reason, you are out of luck for this patch. In fact, you shouldn’t be running XP anyway, at all, it’s a security disaster waiting to happen. Windows XP is safe to use if you confine your XP computers to offline applications and visiting known safe sites only, or using the Intenet more directly (for example, transferring files using Dropbox). Also, Emsisoft will support XP at least into 2016. AVG has not yet (I believe) announced a date at which it will drop XP support. Kaspersky Labs says actual XP usage has reduced only a little, so they will continue to offer antivirus support. If you must use a browser on XP, at least stay away from Internet Explorer. And consider installing Linux on your XP computer for a new lifetime of usage. Comment

Δ