Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view content rendered in a specially crafted Embedded OpenType (EOT) font in an application that can render EOT fonts. Common applications that can render EOT fonts include Microsoft Internet Explorer, Microsoft Office Word, and Microsoft Office PowerPoint.
US-CERT encourages users and administrators to review the bulletin and apply any necessary updates to help mitigate the risks.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…