The Register notes one of the more serious set of bugs involve a remote code execution vulnerability in the graphics component of Windows and Windows Server. This bug can be triggered via a specially-crafted font, in some cases merely be putting said font on a website viewed by the target computer:
Among the more serious bugs are a set of five remote code execution vulnerabilities in the graphics component of Windows and Windows Server (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016). Each of those vulnerabilities would allow an attacker to pwn PCs via a specially-crafted font, in some cases by simply putting the font on a web page viewed by the target.As always, it's recommended to update your system asap to stay safe.
"Those of us who lived through Duqu always shudder a bit when we see font-related bugs, and these have me downright shivering," writes Dustin Childs of the Zero Day Initiative.
"Since there are many ways to view fonts – web browsing, documents, attachments – it’s a broad attack surface and attractive to attackers."