Hackers are now exploiting a pair of previously unknown vulnerabilities in Microsoft Windows, that can be used to create and plant documents booby-trapped with malware, to help them take over your computer, reports PC Mag.
[Tweet “Hackers are now exploiting a pair of previously unknown vulnerabilities in Microsoft Windows that can be used to create and plant documents booby-trapped with malware.”]
On Monday Microsoft said via a security advisory that it is “aware of limited targeted attacks” abusing two flaws – that as of now remain unpatched and still viable. The flaws are included in operating systems from Windows 10 to Windows 8.1 and Windows 7, along with various other Windows Server versions. All are affected.
Microsoft is of yet refraining to disclose any details about the attacks, and just how prolific they have been.
In the advisory, Microsoft says that “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://t.co/tUNjkHNZ0N
— Security Response (@msftsecresponse) March 23, 2020
The two system vulnerabilities are with the Windows Adobe Type Manager Library, which is used to parse and properly display Adobe-based fonts on a PC. Microsoft says that the library will mishandle a specially crafted multi-master font known as Adobe Typ 1 PostScript format. The error following this mishandling can cause what is known as a code execution, which a hacker can abuse to manipulate a PC to download and install additional malware.
Microsoft’s patch probably won’t arrive until about 14 April. The company has come up with a few temporary solutions to mitigate attacks in the meantime. These include:
- Disabling the Preview Pane and Details Pane in Windows Explorer
- Renaming the Adobe Type Manager Font Driver file “ATMFD.dll.”
With more people than ever working from their home computers during the coronavirus lockdown, these flaws couldn’t have been discovered at a worse time. Cybercriminals continue to prey on users when they are at the most vulnerable.
Microsoft’s History of Windows Flaws
Microsoft’s Windows OS is currently the most used operating system on Earth for desktop and laptop computers, and that means their OS is open to far more people tearing through to isolate flaws in the code.
Recently, Windows 10 has been singled out for the many flaws that have plagued the system. Its most recent – system crashes that completely delete user data.
Edited by Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter