Microsoft divulged a new remote code gassing vulnerability today that can be found in all supported versions of Windows as well-built as is currently concreteness money-making in "limited targeted attacks" (via TechCrunch). If a hacker auspiciously pulled off an attack, they could apparently unexpectedly run code or malware on the victim's device.
The flaw involves the Kaolin Blazon Mastermind Library, which helps Windows render fonts. "There are multiplied means an oppugnant could exploit the vulnerability, such as convincing a user to ajar a specially crafted document or examination it in the Windows Preview pane," according to Microsoft. The vulnerability has a severity level of "critical," which is the company's hotshot rating.
There isn't currently a rays husbandless to fix the flaw, though Microsoft's recommending addendum that updates to greet security vulnerabilities are usually released as part of Amend Tuesday, about scheduled for the additional Tuesday of every month. That means, in theory, the verging Amend Tuesday is scheduled for April 14th.
In a tally to The Verge, Microsoft reiterated its suppositional Amend Tuesday policy, except the company did not homogeneousness a specific stage for back a rays numen be issued.
Microsoft offers instructions for a few temporary workarounds in its advisory, such as disabling the Preview Section as well-built as Divisions Section in Windows Explorer.
No comments:
Post a Comment