Microsoft pushes out emergency fix for font file Hacking Team hole

Tech firms are still rushing to plug holes exposed by the hack of Hacking Team earlier this month. Microsoft already patched two vulnerabilities last week and now it's rolling out a third emergency fix for a vulnerability in the way the Windows Adobe Type Manager Library handles fonts that use Microsoft's OpenType format.

Attackers can use this vulnerability to take complete control of vulnerable computers via booby-trapped-websites or by tricking users into opening malicious files. There are no indication that the vulnerability is being actively exploited in the wild but that could change fast.

The patch comes six days after Microsoft fixed a separate vulnerability in the Adobe Type Manager Font Driver. Despite the similarity to the Windows Adobe Type Manager Library being patched in Monday's emergency release, this appears to be a separate bug. The earlier security bug became public knowledge following the breach two weeks ago of Hacking Team networks and has been actively exploited in the wild, presumably in combination with an Adobe Flash exploit, so attackers could break out of the Google Chrome security sandbox and achieve remote code execution.

If you have Windows Update enabled, your system will update automatically.