Monday, March 23, 2020

New Windows Vulnerability Disclosed by Microsoft

Microsoft recently reported a new Windows vulnerability regarding remote code execution, and the company said that the vulnerability could take place in every available Windows versions.


Such vulnerability, however, can be easily exploited resulting in several “limited targeted attacks,” and the cybercriminals can run malware or codes on the device of the victim remotely if such attacks could be pulled off by them successfully. Further, Microsoft disclosed that attackers and cybercriminals were previously exploiting an unknown security vulnerability available in all versions of windows even including Windows 10.  It has also been revealed by Microsoft that currently, there is no patch for the security vulnerability right now.
Further, the company explained that the security threat having two remote code execution occurs in Microsoft Windows when a specially crafted multi-master font -Adobe Type 1 PostScript format is improperly handled by the Widows Adobe Type Manager Library. The company explained that the cyber-thief could exploit the security vulnerabilities in multiple ways as such the cyber-thief can convince the users to open a particular crafted viewing or file available within the Windows Preview pane. The tech giant, Microsoft, has provided it the rating of Critical, which is also the highest rating given by the company to any vulnerability.
In an advisory introduced by Microsoft, it was said that the company is aware of the cybercriminals launching and exploiting limited, targeted attacks. However, the company refrained from mentioning anything about the attackers who are beginning or operating the attacks and at what scale. The company also said that the company is working hard to find a fix or patch for security vulnerability. Still, until then, the users should take the advisory as a warning. Apart from that, the company said that Windows 7 is also affected by the security vulnerability and only the enterprise users who have extended security support will get the patches.
Amidst all, the advisory introduced by Microsoft has offered a temporary patch for the Windows users who are affected by the security vulnerability and can get rid of the weakness until the company provided a patch for it. Most of the users are aware with the fact that Microsoft often releases the security fixes on the second Tuesday of each month and the so patch regarding the current security vulnerability could be announced on April 14. But, occasionally, the software giant also issues patches in severe cases breaking the rule as was spotted when Microsoft released the emergency patch for the leaked Windows 10 security threat. The windows patch was disclosed when the company found prematurely about a security threat regarding windows 10. However,  it has been speculating by the users that the company may release the patch on Tuesday as it usually does. Still, the company has not yet confirmed anything itself regarding the date of introducing any patch. The company in its advisory has said that the users may opt to disable the preview pant and details in the Windows explorer to mitigate the flaw for some temporary period.
Kellie Minton is an avid technical blogger, a magazine contributor, a publisher of guides at mcafee.com/activate and a professional cyber security analyst. Through her writing, she aims to educate people about the dangers and threats lurking in the digital world  .

No comments:

Post a Comment

McAfee Vs. Kaspersky Internet Security

  McAfee and Kaspersky are well-known names in the antivirus circle. It’s not wrong to say that they can be considered giants in the online ...