Microsoft working on fixing ‘critical’ security flaw affecting Windows users

Hemani Sheth Mumbai | Updated on March 24, 2020 Published on March 24, 2020

Microsoft on Monday disclosed a new vulnerability found in all supported versions of Windows that allows hackers to run code or inject malware into the user’s device.

The security flaw has been deemed ‘critical’ by the software giant. The vulnerability can be found in the Adobe Type Manager Library which is used by Windows to render fonts.

The flaw has been used in “limited targeted attacks” and lets hackers run code or malware remotely on a user’s device.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” Microsoft said in a security advisory.

The tech giant said that it is working on fixing the issue.

Until a security update is released, Microsoft has suggested a workaround: disabling the Preview and Details panes in Windows Explorer, which prevents the automatic display of OTF fonts in Explorer.

Another workaround suggested by the software major is disabling the WebClient service.

“Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service,” Microsoft said.
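The WebClient workaround can be checked and applied from an elevated PowerShell prompt. The following is an added example, not taken from Microsoft's advisory or from this article; the function name `Test-WebClientWorkaround` and its `-Remediate` switch are hypothetical names chosen for illustration.

```powershell
# Added example: audit, and optionally apply, the "disable WebClient" workaround.
# Function and parameter names are hypothetical; the cmdlets are standard Windows PowerShell.
function Test-WebClientWorkaround {
    [CmdletBinding()]
    param(
        [switch]$Remediate   # when set, disable and stop the service (requires elevation)
    )

    $filter = "Name='WebClient'"
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter

    if (-not $svc) {
        # The service is not present on this system, so there is nothing to disable.
        return [pscustomobject]@{
            Installed         = $false
            State             = $null
            StartMode         = $null
            WorkaroundApplied = $true
        }
    }

    $needsChange = ($svc.StartMode -ne 'Disabled') -or ($svc.State -ne 'Stopped')

    if ($Remediate -and $needsChange) {
        # Disable first so the service cannot be trigger-started again,
        # then stop the running instance together with any dependent services.
        Set-Service  -Name WebClient -StartupType Disabled -ErrorAction Stop
        Stop-Service -Name WebClient -Force -ErrorAction Stop
        $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    }

    # Report the state after any change, so the output doubles as a compliance record.
    [pscustomobject]@{
        Installed         = $true
        State             = $svc.State       # e.g. Running / Stopped
        StartMode         = $svc.StartMode   # e.g. Manual / Disabled
        WorkaroundApplied = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
    }
}

# Audit only:
Test-WebClientWorkaround
# Audit and apply:
# Test-WebClientWorkaround -Remediate
```

With the service disabled, WebDAV shares are no longer reachable from the machine and any service that depends on WebClient will not start, so check for those dependencies before rolling this out widely.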

The security patch, when released, will not be extended to all Windows 7 users, even though Windows 7 is also affected; only enterprise users with extended security support will receive it. Others will have to manage with the workaround suggested by the company.

This is in light of Microsoft ending the official support for Microsoft Windows 7 back in January 2020.

According to an official release, “Microsoft will not be providing technical support for any issues, software updates, security updates or fixes for Windows 7 post-January 14.”
