Microsoft has just announced hackers have exposed a flaw in Windows 10 and are exploiting it with a new hack. Making matters worse, there is still no patch to prevent hackers from getting to you.
According to Microsoft’s advisory, these are “targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library.”
This Windows hack exposes remote code execution vulnerabilities when the “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format”
The hack isn’t overly robust, as it only needs a user to open a document containing malware or view in the Windows preview pane. A hacker could easily accomplish this through a simple phishing email.
There may be a bit of a delay in releasing a patch to fix the issue, as Microsoft generally releases updates on the second Tuesday of each month. It can make out-of-band releases for major security issues, but this limited attack will likely be one that Microsoft will let ride until the next update Tuesday.
Until then, Microsoft has released a few workarounds to mitigate the vulnerability. You can find those at the bottom of the advisory page.
We’ll update you is Microsoft decides to release an off-band update before update Tuesday rolls around.
-
The evolving role of the CISO and how it impacts channel partnersIndustry Insights The traditional IT sales cycle is being rewritten as CISOs emerge as the most important stakeholders for channel partners to align solutions with
-
How businesses can use storytelling to drive AI adoption among their workforceMany employees are still resisting AI tools, but narrative-led communication is more likely to get their buy-in than data and spreadsheets
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
-
A new framework for third-party risk in the European Unionwhitepaper Report: DORA and cyber risk
-
Kali Linux releases first-ever defensive distro with score of new toolsNews Kali Purple marks the next step for the red-teaming platform on the project's tenth anniversary
-
Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender updateNews However, some users have resorted to creating their own fixes as they’ve encountered Microsoft’s to be problematic
-
Windows Defender update deletes Start Menu, Taskbar, Desktop shortcutsNews For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixed
-
IBM LinuxONE for dummiesWhitepaper Secure your data, build an open hybrid cloud environment, and realise the cost benefits of consolidation
-
Windows 10 users encounter ‘blue screen of death’ after latest Patch Tuesday updateNews Microsoft said it is working on a fix for the issue and has offered users a temporary workaround
