On the security advisory note published Monday, Microsoft explained the vulnerability as critical one, which effects every version of windows system. They said-- if the vulnerability exploited, could "allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts."
According to the published advisory, the following system were affected of the flaw, Windows Vista, Windows 7, 8, 8.1 and Windows RT are all affected, including those running Windows Server 2008 and later.
Microsoft also mentioned that the vulnerability was already public but they don't have any evidence of been exploited. Just last week Microsoft had released a security patches for several vulnerability as a Tuesday Patch Updates.
Till yet it is not been cleared who disclosed the vulnerability, but It is believed that Google Project Team may be behind it.
User are recommended to update there windows system as soon as possible, and updates can be done from Windows Updates features.