Microsoft explained in a post published on Monday that attackers were exploiting a security vulnerability that was not previously disclosed and that they had found it in all supported versions of Windows, such as: Windows 10.
She said that the vulnerability – described as “critical” – was found in how Windows handles fonts and display them. The vulnerability can be exploited by tricking the victim into opening a malicious document. Once the document is opened, or viewed in Windows preview, an attacker can remotely run malware, such as ransomware, on the victim’s machine.
But Microsoft said in the post: It is aware that the attackers have launched limited, targeted attacks, but did not say who was launching the attacks. She added that she is working on a security patch, but the announcement of the vulnerability comes as a warning until the security patch is issued. Meanwhile, the company has provided a temporary solution for affected Windows users to reduce the vulnerability until the correction is available.
It is noteworthy that Microsoft used to launch a security fix on the second Tuesday of every month, but it may sometimes issue urgent security patches, in the case of very serious vulnerabilities.
It is reported that the company released the largest patch package in the company’s history known as Patch Tuesday this month, which included fixes for up to 115 security vulnerabilities in the company’s products, including 24 critical vulnerabilities.
Source : Microsoft