This week, Microsoft disclosed a new Windows vulnerability that opens up the OS to remote code execution. The security hole is present in all supported versions of Windows and is apparently being exploited in “limited targeted attacks”, allowing hackers to remotely run malware on unsuspecting users’ PCs.
The vulnerability involves a flaw in the Adobe Type Manager Library, which Microsoft uses to render fonts in Windows. According to Microsoft, an attacker could trick a user into opening their PC up for exploitation using phishing methods, such as carefully crafted document files.
At this point in time, there isn’t a patch available, but Microsoft has labelled this as a ‘critical’ flaw, which, as The Verge points out, is the company’s highest rating. Typically, Microsoft would bundle a patch like this with its regular ‘Patch Tuesday’ update cycle, which arrives on the second Tuesday of each month. In this case, that would mean a fix should be included in the updates being pushed on April 14th.
Given that this is labelled as a critical issue though, Microsoft may push out the security update a bit sooner once it has managed to patch it up.
KitGuru Says: This is a pretty significant security flaw, but it does require some phishing to get it working. If you receive any unexpected or suspicious email attachments, then you should avoid them. Hopefully in a few days’ time, Microsoft can give an update on the status of the patch.