This has vast damage potential, and we're not sure why it isn't receiving more media attention. The flaw exists in the way that fonts are opened and displayed, so in any situation where hackers can get your computer to display a custom font, they can take control of your system. This includes, for example, simply visiting a web page.
This is uniquely damaging because it's software-independent. It would apply regardless of the browser you are using, as presumably they all use Windows' own mechanisms for loading and displaying fonts.
We advise all customers to ensure they have the latest OS patches.