M$ has announced its first critical security vulnerability of the year 2010 in its Tuesday patch release. This is the vulnerability in the OpenType font engine embedded in the client applications which can lead to remote code execution leading to complete control of the system.

As per the bulletin, the attack can be simulated by opening the malicious content with specially crafted opentype font using applications such as IE or any of the office applications.

This vulnerability also exists in the latest operating system, Windows 7 too. It is marked as critical for Windows 2000 and set as low priority for other Operating systems.

Interestingly this critical security vulnerability was reported by Google, the Microsoft’s No.1 enemy 🙂