Windows 10 PC may crash from this single character — Update now

If you haven't already applied Microsoft's latest Windows security update, you need to do so now. That's because this update fixes a flaw that could cause Windows 10 to crash or be hacked with just one character displayed on a web page.

I'll spare you the technical details of how this works, as you can read the Google Project Zero forum post, but the attack involves a maliciously crafted TrueType font being embedded in the web page.

Visitors to the page must click "OK" to view (i.e., download) the malicious font, but it is not that difficult to trick people into doing something online.

A successful attack will crash any PC running any version of Windows 10, unless the February 9 patch is installed. Windows 8.1, the only other Windows version that Microsoft still supports, appears to be unaffected.

If you would like to try this attack yourself, Google Project Zero has a proof-of-concept malicious font and a web page displaying it that you can download here. This attack should work on Google Chrome, Microsoft Edge, and Mozilla Firefox browsers, unless your PC has been recently updated. Try at your own risk.

We tried the proof-of-concept ourselves and saw only a fuzzy version of the "Æ" character that you may have memorized when you studied "Beowulf" in school. However, our computer did install this month's Microsoft update.

To our knowledge, there have been no reports of this flaw being used in an actual attack. That may change now that the secret has been exposed.

Dominik Röttsches and Mateusz Jurczyk of Google discovered the flaw last November and gave Microsoft 90 days to fix it.
