New Microsoft vulnerability
Microsoft has recently revealed a new remote code execution vulnerability present in every supported version of Windows that is being employed in “limited targeted attacks” that could allow hackers to run code or malware on infected devices.
The vulnerability is rooted in the Adobe Type Manager Library, part of the font-rendering process of Windows, and is classed as “critical”, Microsoft’s highest threat level.
Microsoft has not yet provided a patch to correct the problem, although if they follow their usual policy of releasing security fixes on Update Tuesday (second Tuesday of each month) there may be one available on April 14. Until then, the only advice coming from Microsoft is to employ temporary workarounds, e.g. disabling the Details and Preview panes in Windows Explorer. Full details are available on the Microsoft website.
As a response to the current Coronavirus crisis, Johns Hopkins University created an interactive virus tracking map. Unfortunately, it appears there is no crisis too serious for criminals not to attempt exploitation; an Android application, “Corona live 1.1”, poses as being a simple interface to the Johns Hopkins data and claims to need no special access, but once installed it demands access to virtually everything on the user’s device.
As well as warning against this specific threat, experts have issued general warnings that in times of crisis, criminals frequently redouble their efforts to gain illegal access to data and devices; users who already under stress looking for reassurance from the digital world have a greater likelihood of being careless or making errors. More than ever at this time it is vital not to accept links, plug-ins, or apps from untrusted sources and to ensure that all data is robustly protected and backed up.