Emergency Patch Released By Microsoft For Windows Flaw

An emergency patch was released by Microsoft recently to deal with a vulnerability that allows hackers access to the computers of their victims. An online security bulletin posted by the company on Monday revealed that the “critical” vulnerability gives hackers “complete control of the affected system.” Attackers would have the capability of installing programs, viewing, modifying and deleting data as well as “create accounts with full user rights.”

The issue covers Windows Vista, 7, 8, 8.1, and RT, is essentially two-thirds of around 1.5 billion PCs using the Windows OS around the world. Since the issue was given the highest threat level by Microsoft, the company did not wait for “Patch Tuesday,” the regularly scheduled security update each month. The last time an emergency patch was released by Microsoft was in November 2014.

Unsuspecting Windows users may be the subject of an attack when they are convinced to open a specially-designed document or visit compromised web pages since the issue affects OpenType, which is a popular computer font format developed by Adobe and Microsoft.

Emergency Patch Released For Windows - image credit: theguardian.com

The flaw was discovered by computer security researchers after checking a compilation of emails leaked over the net following a breach of the systems of the Hacking Team. Genwei Jiang and Mateusz Jurczyk of FireEye were credited by Microsoft for discovering the issue. The two are part of the Project Zero security squad of Google.

The emergency patch comes as the company is set to release its latest operating system, Windows 10. The new OS is supposed to be the more secure compared to previous versions of the software. Device Guard and Windows Hello are the technologies that are supposed to increase the protection level of the OS.

Even with these tools, a security issues was discovered on the most recent test version of the new OS, which may be the last iteration of the software released by the company. Windows 7 and 8.1 users will receive the new OS for free on July 29.

The company revealed that most Windows users will automatically receive the security update since they enabled automatic updating on their devices. Users whose automatic update is disabled will have to download the emergency patch from the security bulletin page of Microsoft. The company revealed that there is no proof that the issue was used in attacking Windows, but it is possible for attackers to consistently exploit it.

Posted by George Daniels on Tuesday July 21 2015, 2:24 PM EDT. All trademarks acknowledged. Filed under Technology. Comments and Trackbacks closed. Follow responses: RSS 2.0