Microsoft's security update resolves a vulnerability, CVE-2015-2426, in Windows. The update is considered critical for all supported releases of Microsoft Windows.
The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrustworthy webpage containing embedded OpenType fonts. An attacker could install programs; view, change, or delete information; or create accounts with full user rights.
The vulnerability was leaked with the Hacking Team email breach. The issue was found by Genwei Jiang of FireEye. Jiang advised Microsoft so it could begin working on a patch as soon as possible.
The security update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Most customers have enabled automatic updates and won't need to take action, since the update will be downloaded and installed automatically. Customers who have not enabled automatic updates, or who install updates manually, can use the links in the Affected Software section to download and install the update.