Windows 10 PCs may crash from this single character — Update now

If you haven't already applied Microsoft's latest Windows security update, you need to do so now. That's because this update fixes a flaw that could cause Windows 10 to crash or be hacked with just one character displayed on a web page.

I'll spare you the technical details of how this works, as you can read the Google Project Zero forum post, but the attack involves a maliciously crafted TrueType font being embedded in the web page.

Visitors to the page must click "OK" to view (i.e., download) the malicious font, but it is not that difficult to trick people into doing something online.

A successful attack will crash any PC running any version of Windows 10, unless the February 9 patch is installed. Windows 8.1, the only other Windows version that Microsoft still supports, appears to be unaffected.

If you would like to try this attack yourself, Google Project Zero has a proof-of-concept malicious font and a web page displaying it that you can download here. This attack should work on Google Chrome, Microsoft Edge, and Mozilla Firefox browsers, unless your PC has been recently updated. Try at your own risk.

We tried the proof-of-concept ourselves and saw only a fuzzy version of the "Æ" character that you may have memorized when you studied "Beowulf" in school. However, our computer had already installed this month's Microsoft update.

To our knowledge, there have been no reports of this flaw being used in an actual attack. That may change now that the secret has been exposed.

Dominik Röttsches and Mateusz Jurczyk of Google discovered the flaw last November and gave Microsoft 90 days to fix it.
