Hackers exploiting unpatched vulnerability in Windows 10
Microsoft has warned that some hackers are undertaking targeted attacks using an unpatched vulnerability in the Windows 10 operating system.
The vulnerability is found in the Adobe Type Manager Library, and affects all supported versions of Windows 10, as well as Windows 7 and Windows Server. Microsoft said that it is “aware of this vulnerability and working on a fix”.
The vulnerability is of particular concern given the numbers of people working from home due to the coronavirus crisis, who will have less access to tech support and need to make more decisions about their computer’s cybersecurity than would usually be the case.
If exploited by a hacker, the vulnerability could be used to get users to open documents that contain malware, potentially allowing it to be used as a gateway for severe attacks.
The disclosure of the unpatched Windows 10 vulnerability by Microsoft highlights the fact that software created by other companies can introduce vulnerabilities into operating systems.
An attacker can exploit the flaws by convincing the targeted user to open a specially crafted document or viewing it in the Windows Preview pane, which has been described as an attack vector for these vulnerabilities.
Microsoft says it’s aware of “limited, targeted attacks” attempting to exploit these vulnerabilities.
Creating software is essentially a kind of manufacturing, where the finished product is assembled from software components, just as an airplane is assembled from thousands of individual parts. It is the responsibility of the manufacturer to keep track of those parts to make sure they are correct and safe,” said Jonathan Knudsen, senior security strategist at Synopsys.
“In this case, Microsoft is actually reporting on an Adobe component which contains vulnerabilities that affect Microsoft’s products.”
It also highlights that vulnerabilities can sometimes only be found because they have been exploited.
For those worried about vulnerabilities, particularly those working from home, the advice is to exercise caution.