Skip to main content

Attackers exploiting critical zero-day Windows flaw

(Image credit: Shutterstock)

Microsoft has discovered a severe vulnerability in all supported versions of Windows, which enables criminals to remotely run malware – including ransomware – on a target machine.

According to a TechCrunch report, the security vulnerability has not been previously disclosed and there is currently no fix.

The “critical” vulnerability revolves around how the operating system handles and renders fonts. All it takes is for the victim to open or preview a malicious document, and the attacker can remotely run different forms of malware.

Microsoft said the vulnerability is being exploited in the wild, and different hacking groups are initiating “limited, targeted attacks”. 

Although there is as yet no patch, the company announced a temporary workaround for affected Windows users, which involves disabling the Preview and Details panes in Windows explorers.

“While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability,” said Microsoft.

Speaking to TechCrunch, a company spokesperson said the fix for the vulnerability should arrive on April 14.