Microsoft has confirmed some Windows 10 machines are being attacked via an un-patched vulnerability within the computer operating system. The American tech giant has confirmed it’s working to remedy the compromise, but at the moment there isn’t a known fix.
The new susceptibility is found in all Windows versions that are still supported by Microsoft, including some builds of Windows 10.
So how exactly can a hacker exploit the compromise you ask? Well, according to TechCrunch, it can be as simple as tricking a user into opening a document with Windows Preview. After this has been completed, the attacker is free to run various forms of malware on the targeted device.
Discussing the Windows vulnerability, Microsoft said: “Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.
- Android WARNING: If your kids have downloaded these apps, DELETE now
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
Unfortunately, Microsoft did not detail exactly how many attacks have taken place. Meaning it’s currently unclear just how widespread the issue actually is.
Microsoft suggested a fix for the vulnerability could be released in its next Update Tuesday – a series of remedies that are rolled out for Windows 10 on the second Tuesday of each month. That said, the tech giant didn’t explicitly confirm the vulnerability described above would definitely be patched.
Microsoft’s next Update Tuesday will take place on Tuesday, April 14.
The Redmond firm went on: “Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”
Of course, Express.co.uk will update you the moment a fix is released for this latest Windows software vulnerability.
Source: Read Full Article