Windows 10 PCs can crash from this single character — update right now

blue screen of death
(Image credit: Shutterstock)

If you haven't yet applied Microsoft's latest Windows security updates, you need to do so now. That's because the updates fix a flaw that could crash or hack Windows 10 with a single character displayed in a web page.

We'll spare you the technical details of how this works — you can read all about it in this Google Project Zero forum post — but an attack would involve a maliciously crafted TrueType font embedded in a web page. 

A visitor to the page would have to click "OK" to view (and therefore download) the malicious font, but it's not too hard to trick people into doing things online.

A successful attack would crash a PC running any version of Windows 10, as long as the machine hasn't installed the Feb. 9 patches. Windows 8.1, the only other version of Windows that Microsoft still supports, doesn't seem to be affected.

If you'd like to try out the attack yourself, Google Project Zero lets you download a proof-of-concept malicious font and a web page to display it here. The attack should work in the Google Chrome, Microsoft Edge and Mozilla Firefox browsers if the PC hasn't recently been updated. Try this at your own risk.

We tried out the proof-of-concept ourselves and just saw a fuzzy version of the "Æ" character you may remember from studying "Beowulf" in school. But our computer has installed this month's Microsoft updates.

As far as we know, there are no reports of this flaw being used in real-life attacks. That may change now that the secret is out.

Google's Dominik Röttsches and Mateusz Jurczyk found the flaw last November and gave Microsoft 90 days to fix it.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Windows Operating Systems
Microsoft Office is finally as it should have been on iPad
Microsoft tests free Word, PowerPoint and Excel apps for Windows — expect a lot of ads
laptop anger
Latest Windows 11 update reportedly breaking major parts of the operating system
Windows 10 logo
Windows 10 end of life set for this year — everything you need to know to get ready
Windows 11 logo on a laptop screen
I reviewed Windows 11, and these are the 5 new features I'm most excited about for 2025
A Windows 11 laptop, demonstrating how to run Android apps on Windows 11
How to remove the Windows 11 news and weather widget
Man typing on Windows 11 laptop
Microsoft confirms major Windows 11 and Windows 10 audio bug is cutting sound on PCs
Latest in News
Sterling K. Brown in Paradise
Hulu top 10 shows — here's the 3 worth watching right now
iPhone 16
Hoping for a new iPhone 16 color? Here's why that's looking unlikely
iOS Photos app
iOS 18.4 Photos update makes it easier to sort, hide and delete your photos on iPhone — here’s what you can do
Dyson Purifier Cool (TP11) in office
Dyson just launched its new high-tech air purifier — right in time for allergy season
Nvidia RTX 5090
RTX 5060 breaks cover in Acer gaming PC — is Nvidia’s next GPU launch imminent?
Samsung Galaxy Tab S10 FE renders
Samsung's Galaxy Tab S10 FE crushes its predecessor with 40% speed boost in leaked benchmark