Vole said that there is no patch for the vulnerability which it says is "critical" -- its highest severity rating.
The bug is in how Windows handles and renders fonts, according to the advisory posted yesterday.
It can be exploited by tricking a victim into opening a malicious document. Once the document is opened -- or viewed in Windows Preview -- an attacker can remotely run malware, such as ransomware, on a vulnerable device.
The advisory said that Microsoft was aware of hackers launching "limited, targeted attacks," but did not say who was launching the attacks or at what scale.
No word when a fix is coming out either.