Microsoft has released patches for two critical security flaws in its software products. The patches fix a problem in the Windows operating system, as well as a bug in the Outlook and Exchange messaging software, all of which could theoretically be exploited by attackers to seize control of an unpatched computer.
The Windows bug relates to the way the OS processes embedded Web fonts, which are used by Web page authors to ensure that their pages are displayed exactly as intended. By tricking a user into visiting a Web page with a specially formed embedded Web font, an attacker could, in theory, "take complete control of an affected system," Microsoft warned on its Web site.
The second vulnerability relates to the TNEF (Transport Neutral Encapsulation Format) encoding format used by Outlook and Exchange. In theory, attackers could send specially crafted e-mail messages to unpatched Exchange servers or Outlook clients that could then be used to seize control of the systems running the messaging software.
Because hackers have not yet published code that shows how to exploit these bugs, the two vulnerabilities are not considered as dangerous as the Windows WMF (Windows Metafile Format) flaw that Microsoft patched late last week. But the flaws are critical, and security experts suggest that it may only be a matter of time before they are exploited, PC World reports.