Microsoft announced a particularly stunning security vulnerability this morning. It's actually a part of the overall Hacking Team leak and has been discussed for some weeks now, and has been in the wild for some years.
For some reason I completely spaced and had assumed that this was constrained to Flash, because, well, it's Adobe.
Remote kernel mode code execution in a font library that's been a part of Windows since Windows 2000. It doesn't matter what browser you use - Internet Explorer has supported embedding OpenType fonts in its own proprietary way since 5.5, and all other browsers have supported it for many years now.
If you are running Vista or later, please run Windows Update and ensure your system is up to date.
If you are still stuck on Windows XP or 2000, you will want to upgrade or switch to a non-Windows system. This is easily the most serious vulnerability to ever be revealed for Windows.
All you have to do is visit a bad or hijacked website.
As an aside, if you have Adobe Flash installed, I would highly recommend removing it. The more people who get rid of Flash, the more websites will stop relying on it, and the less you'll miss.
Likewise, if you have Adobe Acrobat Reader installed, consider replacing it with Sumatra PDF or Foxit Reader.
Be safe, people.
Also, since not everyone is going to click the announcement, please make sure your friends and family are aware of this (here and elsewhere).