The first Microsoft patch for 2010 is out, providing cover for a solitary vulnerability in the way Windows handles EOT (Embedded OpenType) fonts. The update is rated critical but Microsoft says there is a low likelihood of exploitation on its newer operating systems. The vulnerability, discovered by Google security engineer Tavis Ormandy, is a remote code execution issue. The company warned that malicious hacker could use rigged fonts delivered within files hosted on Web sites that are rendered in Internet Explorer by Internet Explorer.
Source: https://threatpost.com/ms-patches-critical-flaw-eot-font-engine-011210/73360/