21 July 2015
Microsoft has released an emergency patch for a “critical” bug present on almost every version of Windows.
Microsoft said the vulnerability was so severe that it needed to release a patch outside its usual monthly security update.
Security researchers from Google were among the experts who helped uncover the loophole.
The vulnerability was found in the parts of Windows that let the software handle some types of fonts.
If exploited, the bug would let attackers take over a target machine and run their own software on it.
In its advisory note about the vulnerability, Microsoft said the bug was being talked about online but had no information “to indicate this vulnerability had been used to attack customers”.
However, it said, its own research had shown that attackers exploiting it could “take complete control” of a vulnerable system. Windows users could fall victim if they visited websites booby-trapped with exploit code or were tricked into opening a malicious email attachment.
The vulnerability has been found in Windows 7, 8 and RT as well as older versions such as Vista, Server 2008 and Server 2012.
Microsoft said it was tipped off about the bug by researchers from security companies FireEye and Trend Micro as well as experts from Google’s Project Zero, which seeks out unknown loopholes in code.
The patch comes less than a week after Microsoft closed another loophole in the same font-handling system. That separate hole came to light following a hack attack on a security company called the Hacking Team.
The attack involved the theft of hundreds of megabytes of documents that, among other things, exposed software bugs it had been planning to exploit for its own ends.