Arcadia Posted March 24, 2020 Posted March 24, 2020 News link https://techcrunch.com/2020/03/23/windows-unpatched-zero-day-bug/ Microsoft link https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006#march-23-flaw “11:06 am PDT • March 23, 2020 Microsoft says attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows, including Windows 10. But the software giant said there is currently no patch for the vulnerability. The security flaw, which Microsoft deems “critical” — its highest severity rating — is found in how Windows handles and renders fonts, according to the advisoryposted Monday. The bug can be exploited by tricking a victim into opening a malicious document. Once the document is opened — or viewed in Windows Preview — an attacker can remotely run malware, such as ransomware, on a vulnerable device. The advisory said that Microsoft was aware of hackers launching “limited, targeted attacks,” but did not say who was launching the attacks or at what scale. Microsoft said it was working on a fix but that the advisory should serve as a warning until a patch is released. Although Windows 7 is also affected, only enterprise users with extended security support will receive patches. In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available. ... When reached, a spokesperson for Microsoft reiterated the contents of the post and suggested the patch would land on the next Patch Tuesday, slated for April 14.” Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.