Major Windows bug is letting hackers attack users, says Microsoft

A bug in Windows is allowing hackers to attack computer users, Microsoft has said.

The company is aware of the bug but is yet to patch it. It said that attackers are exploiting the bug, but did not say who they were or how prevalent it is.

Microsoft said that it is working on a fix for the problem, but suggested that it may not be out until next month at the earliest.

But it did say that the threat is low in Windows 10 because Microsoft had added protections in that version of the operating system. It was not aware of any attacks on people running that latest version of the software, it said, and recommended that users upgrade if they can.

The bug has been classified as "critical" – the highest-possible level of alert – by Microsoft, which also sent out advice to computers users to try and keep them safe.

It seizes on a problem with the Adobe Type Manager Library, which collects fonts together. Because of a specific problem with a particular font, the operating system could be taken over by hackers, Microsoft warned.

It could be used in a variety of different ways, including tricking a user into opening a specially made document or looking at it in the Windows Preview screen.

While Microsoft said that it was working on a fix, it noted that security updates are usually issued on "Update Tuesday", which falls on the second Tuesday of each month. It appeared to suggest the fix would not arrive until that day, which would leave the problem unfixed until 14 April.

"This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers," said in its update.