Microsoft said the attackers were taking advantage of a previously unknown security vulnerability and had found it in all supported versions of Windows, such as: Windows 10. But the software giant added that there is currently no patch available.
The company explained in a post published in the month of march 2020 that the vulnerability – which was described as “critical” – was found in how Windows handles fonts and their display. The vulnerability can be exploited by tricking the victim into opening a malicious document. Once the document is opened, or viewed in Windows preview, an attacker can remotely run malware, such as ransomware, on the victim’s machine.
But Microsoft said in the post: It is aware that the attackers have launched limited, targeted attacks, but did not say who was launching the attacks. She added that she is working on a security patch, but the announcement of the vulnerability comes as a warning until the security patch is issued. Meanwhile, the company has provided a temporary solution for affected Windows users to reduce the vulnerability until the correction is available.
It is noteworthy that Microsoft used to launch a security fix on the second Tuesday of every month, but it may sometimes issue urgent security patches, in the case of very serious vulnerabilities.
