Attackers Are Exploiting A Windows Flaw And A Fix Won't Come Until April

Microsoft says that attackers are taking advantage of a security vulnerability in Windows that wasn’t disclosed previously. The vulnerability is found in all currently supported Windows versions, including Windows 10 that’s recently got 1 billion users.

The worse news is the company said that right now, there is no patch for this vulnerability.

Microsoft itself considers this security flaw ‘critical,’ which is the highest severity for the company. The flaw is found in how the operating system handles as well as renders fonts, as stated by the advisory on Monday. An attacker can exploit this bug by tricking users to open a malicious document. Once they have opened or previewed the document, the attacker can run malware remotely on the user’s device, ransomware for example.

According to the advisory, Microsoft knew about hackers launching targeted, limited attacks, but the company didn’t reveal who was behind the attacks or the scale of the attacks.

The tech giant said that it was working on a patch but for now, users should rely on the advisory for warnings until a fix is rolled out. The advisory will be a temporary workaround that affected Windows users can use to mitigate the flaw while waiting for a fix.

Typically, Microsoft rolls out security fixes on the second Tuesday every month, but severe cases sometimes force it to issue patches off schedule.

A spokesperson of the company suggested that the fix will come out on the next patch release, set for April 14.

>>> Microsoft Teased A New UI For Windows 10 And It's Stunning