MICROSOFT discovers a “critical” vulnerability in WINDOWS

Microsoft has published a warning on its security portal advising that it has found a vulnerability that affects all supported versions of Windows and Windows 7, which stopped receiving support in January of this year, so it will not be corrected except in its business version.

The flaw allows an attacker to execute code like ransomware if a malicious text document is opened (or previewed with Windows Preview). In principle, despite being a “critical” vulnerability, the company will not release a patch to correct it until at least April 14, as it always publishes this type of update on the second Tuesday of each month and, although it has not provided an exact date, presumably it will come then, because they are already working on it.

As the firm itself explains, updates that correct vulnerabilities follow this agenda to allow information technology teams of companies they can predict it and work around it. Although this system has been skipped on some occasions to correct faults, it does not seem that this time it will.

Microsoft acknowledges that there are already “limited and targeted attacks” taking advantage of the bug, although it did not give more information in this regard. As it is a vulnerability that exploits the way Windows handles and renders fonts, it is not necessary to send an executable file – much more suspicious – but it is possible to attack a computer with a text document that should not even be opened to affect the computer. ; it is enough that it is previewed with the Windows tool (although not with the Outlook one).

The warning also includes some ways to protect itself from attack, although they are more aimed at technical teams than end users. In this case, the easiest method to stay safe from vulnerability is do not open files from unknown sources.

Find out the latest on digital economy, startups, fintech, corporate innovation and blockchain. CLICK HERE