This update was released after the vulnerability was found in a massive cache of emails illegally seized and leaked from Italian IT security company Hacking Team.
Hacking Team, which provides surveillance software to governments and corporations, was subject to an attack earlier this month in which cyber thieves gained 400GB of data from the company, including information on many currently exploitable insecurities in widely-used software.
The new Windows update in question remedied an issue with the Windows Adobe Type Manager Library, as to how the Adobe Type Manager Library font drive analyzes OpenType fonts.
While Microsoft claims there have been no attacks exploiting this particular vulnerability so far, the reality of this weakness’s capacity for allowing wrongful parties to access critical information and control of otherwise secure systems cannot be understated:
This is their most serious threat level, because a successful attack could entirely compromise a Windows device.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” as stated in Microsoft’s update on the leak.
Hackers could exploit the bug by having victims open a document containing malformed OpenType fonts, or by taking them to malicious websites with similar content.
“Looks as if it is ‘easy’ to exploit reliably, [so] that’s why they are going out-of-band,” said Wolfgang Kandek, CTO of security vendor Qualys, to computerworld.com.
This flaw was found in Microsoft’s upcoming Windows 10 OS, which is starting beta-testing as soon as July 29.
This updated (labelled MS15-078) can downloaded and installed using the regular Windows Updated Service, but you can do more to guarantee the safety of your company’s software! To learn more about protecting your business from software vulnerabilities, contact Data Magic Computer Services at (469) 635-5500 or email: email@example.com