Software giant Microsoft has released a security advisory for a recently discovered bug which could allow hackers to seize complete control of PCs.
The advisory states that the bug exists in Windows Graphic Rendering Engine and could allow hackers to run remote code execution on infected PCs.
The bug could potentially be exploited if users view altered thumbnails on network shared folders and drives, or if e-mail users open or preview powerpoint or word files containing the rogue images.
The Microsoft security advisory warned: “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Microsoft informed that the bug is not currently being exploited and assured that a patch will be released in the near future. The company's first Patch Tuesday update release is scheduled for 11 January.
The bug was first reported during a security conference in Korea last month.
According to The Register, users can protect themselves from being hacked by setting Windows Access Control List to be more restrictive.