Hackers are exploiting an 'unpatched' vulnerability in Windows 10
What's the story
If you are using a Windows 10 PC, better be careful while downloading anything from the internet. Microsoft - the maker of the OS - has warned that the platform carries a critical vulnerability, which is being actively exploited by hackers sending malicious files. Plus, there is no way to fix it at the moment, either. Here's all about it.
Issue
Previously undisclosed bug in all versions of Windows
Just recently, Microsoft detailed the flaw, noting that it exists in Windows' Adobe Type Manager Library, a DLL file used by apps to manage/render fonts from Adobe. The company denied providing specific details but deemed the issue as 'critical' while noting that it can be triggered by forcing Type Manager Library to improperly handle a specially-crafted font in the Adobe Type 1 PostScript format.
Exploit
Attack possible by tricking to open malicious documents
Microsoft noted that there are multiple ways to trigger improper handling of the font but the most common way is specially-crafted malicious files. Basically, the company said, a threat actor can trick you into downloading a compromised file, which, when opened or viewed in the Windows Preview Pane, can let the attacker run malware/ransomware on the targeted PC, steal data from it.
Exploit
Some hackers are already exploiting this bug
Even though the flaw in question was never disclosed before, some hackers are exploiting it to launch "limited, targeted attacks," Microsoft stated. The company didn't say who is carrying out the attack or how many people have been targeted but assured that a fix is being developed to plug the loophole and will be released as soon as possible.
Protection
In the meantime, here's what you can do for protection
Until the patch is issued, you can avoid being targeted by not downloading files from unreliable sites/sources. Secondly, you can also follow Microsoft's temporary workaround and disable the Preview and Details panes in Windows Explorer, which prevents the automatic display of OTF fonts in Windows Explorer. Simply put, this will prevent the viewing of malicious files, which leads to the attack.