Microsoft has three critical Windows updates available for vulnerabilities already being used by hackers. Critical issues like these are called zero-day vulnerabilities.
Among the flaws with fixes is a patch to Internet Explorer that fixes 14 vulnerabilities. The worst of them could allow an attacker to execute malicious code if you view their website. This fix is called MS14-056 and you will have to restart your computer for this update to go into effect.
Updates also address vulnerabilities in that can allow attackers to take control of your computer and one that allows malicious software to be embedded in TrueType fonts. Yep, they can get to you through your fonts, too. The TrueType vulnerability is in a kernel-mode driver. I point this out because this is a flaw that needs to be fixed at a very basic level – the kernel.
Only Microsoft has the necessary information about Windows to permanently patch this flaw. If you’re using Vista, Windows 7, 8 or 8.1 – the company is sharing the information with third-party security providers to fix the problem. It you’re still running XP, there’s no security patch being shared with third-party security providers, so there’s no way to permanently remove it from your system.
And hackers can reverse engineer the patch and use it to develop attacks against XP. So, keep that XP machine offline.
Another vulnerability addressed in these updates is Sandworm, a bug that has already attacked various government agencies and companies and a flaw that allows attackers to bypass the security measure in Microsoft Developer Tools.
There are 24 vulnerabilities addressed in all. If you have your computer set to update automatically, you should be good.