Comments
Microsoft on Monday disclosed a new vulnerability found in all supported versions of Windows that allows hackers to run code or inject malware into the user’s device.
The security flaw has been deemed ‘critical’ by the software giant. The vulnerability can be found in the Adobe Type Manager Library which is used by Windows to render fonts.
The flaw lets hackers in executing “limited targeted attacks” allowing them to run code or malware remotely on a user device.
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” Microsoft said in a security advisory.
The tech giant said that it is working on fixing the issue.
Until a security update is released, Microsoft has suggested a workaround for the issue asking users to disable the Preview and Details panes in Windows Explorer which prevents the automatic display of OTF fonts in Explorer.
Another workaround suggested by the software major is disabling the web-client service.
“Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service,” Microsoft said.
The security patch, when released will not be extended to all Windows 7 users except for enterprise users with extended security support even though Windows 7 has also been affected. Others will have to manage with the workaround as suggested by the company.
This is in light of Microsoft ending the official support for Microsoft Windows 7 back in January 2020.
According to an official release, “Microsoft will not be providing technical support for any issues, software updates, security updates or fixes for Windows 7 post-January 14.”
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.