Microsoft says hackers are exploiting a vulnerability in ALL versions of Windows



  • The flaw emerges from the way that Windows handles and renders fonts
  • Hackers can exploit it by tricking users into opening a malicious document 
  • Microsoft said that a patch addressing the flaw should be released on April 14
  • However, most outdated Windows 7 systems will not receive such an update
  • Meanwhile, the tech firm has released a list of workarounds for users to employ 

Microsoft says that hackers are exploiting a vulnerability in all current versions of Windows that lets them hijack users’ computers — and there’s currently no fix.

The security flaw — which the tech firm has given its highest severity rating of ‘critical’ — emerges in the way that Windows handles and renders fonts.

Hackers can exploit the vulnerability by tricking users into opening a malicious document — or viewing it in Windows Preview. 

This allows malware — like ransomware — to then be remotely launched onto the victim’s system. 

It is unclear how many systems have been targeted by the attack — however, Microsoft has said a patch will likely be available on April 14.


WHICH OS VERSIONS ARE AFFECTED?

  • Windows 10
  • Windows 8.1
  • Windows RT 8.1
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008
  • Windows 7

‘Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library,’ a spokesperson for the tech firm wrote in a security advisory published on the Microsoft website.

The vulnerabilities emerge, the firm explained, when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font — the Adobe Type 1 PostScript format.

‘There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,’ added Microsoft.

‘Microsoft is aware of this vulnerability and working on a fix,’ the security advisory continued.

‘Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. 

‘This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.’

The next patch Tuesday is scheduled to fall on April 14, 2020. 

Although Microsoft has been known to issue security patches outside of the usual monthly schedule, a spokesperson told TechCrunch that the patch for the newly-identified vulnerability would likely be released on patch Tuesday.

The security flaw is also present in Windows 7, the version of Microsoft’s operating system that was released in 2009 and ceased to receive updates on January 14, 2020.

As a result, only Windows 7 enterprise users with extended security support will receive a patch for the newly-identified weakness.

More information on the security vulnerability — including temporary workarounds for affected Windows users — can be found on the Microsoft website.