Vulnerabilities in the Microsoft Windows 10 operating system have been exposed just days before its launch, which is scheduled for July 29, and the company has now tried to plug them with an emergency security fix. Microsoft Windows 10 will be the final operating system from Windows; going forward, the company is looking to transition towards providing Windows as a service instead of simply a version of an operating system. Microsoft has also announced that the team will constantly be working to keep Windows 10 updated with regular security patches and apps. The news that Windows operating systems are extremely susceptible comes at a time when the company is preparing for the worldwide mega launch of its final operating system, and it has evoked a quick response from Microsoft.
An attack on July 20, 2015, on the Hacking Team’s servers has revealed potential security deficiencies in Microsoft Windows operating systems. The company issued an immediate security update to fix the exposed vulnerabilities in Microsoft Windows, including Windows 10 Insider Preview. The security update has been rated ‘critical’, which is considered the most severe rating for updates related to vulnerabilities. The bug that was discovered gives an attacker complete remote access to a user’s system. It resides in the operating system’s font driver.
According to Microsoft, this particular vulnerability potentially affects every single version of the Windows operating system. The company also stated that most users will be protected from the bug if they have enabled automatic updates on their computer, since the security fix will then be downloaded and installed automatically. Users who install Windows updates manually have been advised to download the security fix immediately. The company has stated that attackers could take complete control of the system if they successfully exploited the vulnerability. They could then have full user rights to create new accounts, install programs, and delete, view or change relevant products and services.
The security patch was released ahead of Microsoft’s scheduled monthly security update, referred to as ‘Patch Tuesday.’ The versions of the Windows operating system that could potentially be affected are Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows RT, Windows Server 2012, Windows Server 2012 R2, Windows 7, Windows 8.1, Windows RT 8.1, and Windows 8. The vulnerability also affects Windows 10 Insider Preview. Daniel Kennedy, Research Director at 451 Research, said that it was remarkable that Microsoft chose to release the security patch outside of its scheduled security updates. He said that it raises a few eyebrows whenever Microsoft releases a security patch outside the scheduled band of regular updates.
Kennedy also said that earlier in July 2015, this file was associated with a privilege escalation vulnerability. He said that companies must follow a judicious process for patch management: test the patch first by releasing it to a small section of users, and then, in a quick timeframe, extend it to all the affected users. The vulnerability in the Microsoft Windows OS was detected by researchers at FireEye, a computer security firm. The recent fallout from the Hacking Team leak has made numerous such exploits available to the public. The Microsoft Windows vulnerabilities being exploited are the latest disclosures to follow the hacking of the Italian surveillance company earlier this month; Adobe was also affected by such disclosures. Many government agencies in the U.S. have also come under attack after such flaws were made public through the leak.
The bug, which affects most versions of the Windows OS, gives hackers remote access and allows them to execute code if users visit a Web page that contains embedded OpenType fonts or open a specially crafted document without knowing the source. The security patch fixes the vulnerability by changing the way that OpenType fonts are handled by Windows Adobe Type Manager. In this way, the vulnerabilities in the Microsoft Windows 10 operating system have been exposed just days before its launch, while the company has now fixed them with an immediate security update.
By Ankur Sinha