Appledystopia: Independent Technology News

Hackers Exploit Windows Security Flaw

By Chand Bellur

March 23, 2020 at 8:07 p.m. PDT

  • Microsoft issued a warning today that malicious users are actively exploiting a security flaw in Windows.
  • Opening an infected document could allow execution of malicious code.
  • There’s no patch for this vulnerability, however, users can disable some services to protect their PCs.

Windows Security Flaw Affects Hundreds of Millions of PCs

Windows PCs still dominate the computer market, with malicious actors targeting these systems frequently. The latest security flaw enables malicious users to embed attacks within documents.

For now, the actual attacks are not widespread. They’re targeted at specific PCs. Now that the flaw is public, however, it’s possible for others to take advantage of it.

Microsoft issued the following statement today:

Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers. The operating system versions that are affected by this vulnerability are listed below. Please see the mitigation and workarounds for guidance on how to reduce the risk.

How to Secure Your Windows PC

Microsoft also offered workarounds that should protect Windows users until a patch is developed. Unfortunately, some of these measures can hobble machines.

Microsoft advises that users disable the WebClient service. This has the unfortunate side effect of disabling Web Distributed Authoring and Versioning (WebDAV), a file sharing system. This could impact some users who are working from home.

Other recommended system changes disable the ability to preview documents in Windows Explorer. Windows users will have to open documents to quickly browse their content, making work much more time consuming.

Detailed instructions are provided for implementing workarounds and reverting them. Microsoft will likely fix the issue soon.

Recent

Where Is My iPhone’s Microphone?
A Complete Guide to T-Mobile’s Home Internet Plans and Pricing
How to Get a Free iPhone
Easy Steps For Watching YouTube on Your TV
A Step-by-Step Guide to Screen Record on iPhone

Trending

How to Calibrate Your iPhone's Battery
iPhone Tips for Cold Weather
Best Apple Deals at Amazon
Apple TV Channels
How to Use Your iPhone’s Microphone

Exclusive

Facebook Oversight Board Reverses Moderation Decisions
Apple One: Another Missed Opportunity
Fortnite Returning to iPhone?
How to Turn off iPhone and iPad Auto-Brightness
Apple’s T2 Chip Leaves Mac Vulnerable

© 2023 Appledystopia | Privacy & Cookie Policy | Terms of Service