Security researchers say it s only a matter of time days not weeks before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents. A proof-of-concept exploit has already been fitted into the Metasploit point-and-click tool. Microsoft expects to see reliable exploit code publicly available within 30 days. The specific vulnerability in the font parsing subsystem of the Windows Windows driver provides an entry point for hackers.
Source: https://threatpost.com/ms-bracing-malware-attacks-embedded-fonts-111209/73090/