Press "Enter" to skip to content

Microsoft Reveals New Windows Vulnerability That’s Being Actively Exploited


Microsoft has discovered a beforehand undisclosed vulnerability its Windows working system for PCs. The vulnerability might be present in all supported variations of Windows, together with Windows 10. Microsoft introduced the vulnerability in an advisory, which mentioned that it’s being exploited within the type of restricted focused assaults. It implies that if a hacker efficiently pulls off an assault on a pc, they might remotely run a malware on the sufferer’s gadget. The vulnerability entails Adobe’s Type Manager Library that’s used to render fonts in Windows.

In its advisory, Microsoft mentioned that the restricted focused assaults that would leverage unpatched vulnerabilities within the Adobe Type Manager Library, by means of which an attacker can leverage fonts. The firm additional supplied pointers to customers to be able to decrease the chance till a safety replace is launched. Using this vulnerability, an attacker can trick a consumer into opening a specifically crafted doc or view it within the Windows Preview pane, by means of which they will remotely run a malware or a malicious code on a sufferer’s gadget.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the Microsoft advisory mentioned. The vulnerability has been rated ‘important,’ Microsoft’s highest ranking.

Now, though Microsoft has mentioned that it’s engaged on a repair, the corporate notes that updates to handle safety vulnerabilities are normally launched as a part of Update Tuesdays, which is the second Tuesday of each month. In the meantime, it has listed out directions for a couple of momentary workarounds within the advisory, like disabling Preview Pane and Details Pane in Windows Explorer. Microsoft has additionally listed out the Windows variations which can be affected by this vulnerability.

In its statements to The Verge and TechCrunch, Microsoft said that the safety patch for this vulnerability will land on the subsequent Update Tuesday, slated for April 14.

Be First to Comment

    Leave a Reply

    %d bloggers like this: