Hackers are Hiding Malicious Code in Windows Fonts cc shop cvv, dumps cc shop
Microsoft revealed that cyber attackers are exploiting some security flaws in all Windows versions, including Windows 10. However, the tech giant said the vulnerability doesn’t have a patch yet.
Microsoft said the vulnerability is a critical one, which
has the highest vulnerability rating. In an advisory the company released on
Monday, the flaw is derived from the handling and rendering of fonts.
“Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe,” Microsoft said in a statement .
The attackers are exploiting the vulnerability by deceiving the victim to open a malicious file. Once the victim opens the file or document, the attackers launch their malware into their systems. The attacker can take hold of the victim’s computer by installing ransomware on the vulnerable system.
Microsoft also revealed that the hackers were sending
limited targeted attacks. However, it did not mention the level of attack or
who was responsible for the attack.
Microsoft reiterated that although there is no solution to
the vulnerability, it’s seriously working to provide a fix. But until the fix
and the necessary patch is released, it’s warning users to be aware of the
activities of such hackers on their systems.
However, not all Windows users will be able to receive a patch
for the flaw. The patch is available to enterprise users that have additional
security support. Microsoft has issued advice to users to help them scale
through the attack until a permanent solution is established.
The company generally sends patches for updates on the second Tuesday of every month. But it sometimes issues emergency patches in very serious security breach situations.
A spokesperson for the tech giant confirmed the
vulnerability and revealed that the patch will be released on the next batch,
which is on Tuesday, April 14.
The seriousness of this particular vulnerability means that
attackers could take full advantage of the flaw if a patch is not found soon.
The gravity of this flaw stems from the fact that Microsoft didn’t notice the
vulnerability until some attackers started taking advantage to exploit systems.
The flaw has two remote code execution flaws, which allows
hackers to set up malicious fonts in the format of Adobe Type 1 Postscript. It
opens up a boobytrapped file that usually runs the malware payload.
Generally, remote code
execution is regarded as the most deadly form of a cyber attack. That is
because the hacker can seize complete control of the victim’s system by running
arbitrary code and secretly monitor the activities of the user.
Microsoft said it has found
several related malicious files that attempted to take advantage of the
vulnerability, but it didn’t reveal whether the malware has succeeded in
deploying dangerous payloads.
But the good news for users is the built-in security features of Windows, which prevents exploits from working the way they were intended.
Microsoft is asking users to take precautionary measures to
protect their systems until a patch is found for the vulnerability. In that
regard, users should not download any file from an unknown source.
The tech giant also pointed out other measures they can take to keep their system safe from exploitation. For example, they should try to turn off the Windows Explorer preview pane. According to Microsoft, when the review panel is on, it automatically activates the malicious front code in the document.
They can also rename the flawed file or disable the WebClient service. When the file is disabled, it will disrupt some of the formattings in some documents, which can keep the malware off.
Microsoft, the attack may not be very serious now, but the hackers may likely
succeed in infiltrating several systems if the patch for the vulnerability
takes a longer time. But it has advised users to stay informed for the windows
patch for such vulnerability, as it will come soon.
cc shop cvv dumps cc shop