Posted on March 25, 2020 at 1:57 PM
Hackers are Hiding Malicious Code in Windows Fonts
Microsoft revealed that attackers are exploiting security flaws that affect all Windows versions, including Windows 10. The tech giant said the vulnerability doesn't have a patch yet.
Microsoft rated the vulnerability critical, which is its highest vulnerability rating. According to an advisory the company released on Monday, the flaw lies in the handling and rendering of fonts.
“Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe,” Microsoft said in a statement.
How the flaw is exploited
The attackers exploit the vulnerability by tricking the victim into opening a malicious file. Once the victim opens the file or document, the attackers can run their malware on the victim's system. The attacker can take hold of the victim's computer by installing ransomware on the vulnerable system.
Microsoft also said that the attacks seen so far were limited and targeted. However, it did not mention the scale of the attacks or who was responsible for them.
Currently, there is no patch for the vulnerability
Microsoft reiterated that although there is no fix for the vulnerability yet, it is working to provide one. Until the patch is released, it is warning users to watch for signs of such attacks on their systems.
However, not all Windows users will be able to receive a patch for the flaw. The patch is available to enterprise users that have additional security support. Microsoft has issued advice to help users get through the attacks until a permanent solution is available.
The company generally releases patches on the second Tuesday of every month, but it sometimes issues emergency patches in very serious security breach situations.
Patch for the vulnerability will be released next month
A spokesperson for the tech giant confirmed the vulnerability and said that the patch will be released in the next batch of updates, on Tuesday, April 14.
The seriousness of this particular vulnerability means that attackers could take full advantage of the flaw if a patch is not released soon. The gravity of the flaw stems from the fact that Microsoft didn't notice the vulnerability until attackers had already started using it to exploit systems.
The issue comprises two remote code execution flaws, which allow attackers to craft malicious fonts in the Adobe Type 1 PostScript format. The font is delivered in a booby-trapped file that, when opened, usually runs the malware payload.
Generally, remote code execution is regarded as the most dangerous form of cyber attack. That is because the attacker can seize complete control of the victim's system by running arbitrary code and can secretly monitor the activities of the user.
Microsoft said it has found several related malicious files that attempted to take advantage of the vulnerability, but it didn’t reveal whether the malware has succeeded in deploying dangerous payloads.
But the good news for users is that the built-in security features of Windows prevent exploits from working the way they were intended.
Caution against attack
Microsoft is asking users to take precautionary measures to protect their systems until a patch is released for the vulnerability. In that regard, users should not download any file from an unknown source.
The tech giant also pointed out other measures users can take to keep their systems safe from exploitation. For example, they should turn off the Windows Explorer preview pane. According to Microsoft, when the preview pane is on, it automatically activates the malicious font code in the document.
They can also rename the flawed file or disable the WebClient service. Once the file is disabled, the formatting of some documents will be disrupted, but the malware can be kept off.
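One way to apply the WebClient workaround described above and undo it once the patch is installed, as an added example that is not from Microsoft or the original article. The function names and the state file path are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: disable the WebClient service and record its prior state
# so it can be restored later. $StatePath is a hypothetical location.
$StatePath = Join-Path $env:ProgramData 'webclient-prior-state.json'

function Get-WebClientState {
    # Win32_Service exposes both the run state and the configured start mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) { return $null }   # service is not installed on this system
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        State     = $svc.State        # Running / Stopped
        StartMode = $svc.StartMode    # Auto / Manual / Disabled
        Checked   = (Get-Date).ToString('o')
    }
}

function Disable-WebClient {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-WebClientState
    if (-not $before) { Write-Warning 'WebClient service not present'; return }
    if ($before.StartMode -eq 'Disabled' -and $before.State -eq 'Stopped') { return $before }
    if ($PSCmdlet.ShouldProcess('WebClient', 'Stop and disable')) {
        # Keep the first recorded state; never overwrite it on a re-run.
        if (-not (Test-Path $StatePath)) {
            $before | ConvertTo-Json | Set-Content -Path $StatePath -Encoding UTF8
        }
        Stop-Service -Name WebClient -Force -ErrorAction Stop
        Set-Service -Name WebClient -StartupType Disabled
    }
    Get-WebClientState
}

function Restore-WebClient {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $StatePath)) { throw "No saved state at $StatePath" }
    $saved = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $mode = if ($saved.StartMode -eq 'Auto') { 'Automatic' } else { $saved.StartMode }
    if ($PSCmdlet.ShouldProcess('WebClient', "Restore to $mode / $($saved.State)")) {
        Set-Service -Name WebClient -StartupType $mode
        if ($saved.State -eq 'Running') { Start-Service -Name WebClient }
        Remove-Item -Path $StatePath
    }
    Get-WebClientState
}
```

Running `Disable-WebClient -WhatIf` first shows what would change without touching the service.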
According to Microsoft, the attacks may not be very serious now, but the attackers are likely to succeed in infiltrating several systems if the patch for the vulnerability takes longer to arrive. It has advised users to watch for the Windows patch for this vulnerability, as it will come soon.