Microsoft is finally patching a major Windows security flaw

Here’s how Microsoft describes the bug in its announcement acknowledging the issue:

“A remote code execution vulnerability exists when MSDT is invoked from a calling application such as Word using the URL protocol. An attacker who successfully exploited this vulnerability could run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change or delete data, or create new accounts in the context allowed by the user’s privileges.”

Without the latest patch from Microsoft, hackers can use this zero-day vulnerability to infect all currently supported versions of Windows.

Critics call Microsoft’s response too slow

In many cases, once a potentially exploitable software bug is active, it is impossible to tell whether a hacker discovered and used it. With the Follina bug, however, evidence shows that both state-backed actors and cybercriminals have exploited it.

In one case, a Chinese hacking group used the bug to attack…


