“Patch Tuesday” came a little early this week, as Microsoft issued an emergency fix on Monday for what the company has considered a “critical” security vulnerability that puts users of all Windows versions at risk. Those with automatic updating enabled won’t have to worry, but for those who choose to update their systems manually, you can download the Windows patch yourself here.
A MASSIVE SECURITY LOOPHOLE
Microsoft labelled this bug as “Critical,” indicating the highest possible level of threat. Without the Windows patch, users of all versions of Windows, including Windows Vista, Windows 7, and Windows 8 are subject to “remote code execution vulnerability,” allowing hackers to gain complete control over an unpatched system. Those who have been able to update to Windows 10 are also vulnerable to these cyberattacks. Through exploiting this bug, Microsoft claims hackers would be able to “…install programs; view, change, or delete data; or create new accounts with full user rights.”
WHAT WINDOWS PATCH FIXES
Prior to the latest patch, Windows handled custom fonts in such a way that hackers were able to attack unsuspecting victims through OpenType: a common format for computer fonts developed by Microsoft and Adobe. By convincing Windows users to open documents or websites with the affected fonts, hackers are able to gain complete control over their systems, leaving un-patched Windows systems completely defenseless.
First signs of this vulnerability came earlier this month, with reports from security company FireEye’s Genwei Jiang and Mateusz Jurczyk—partners that work for Google’s security team—who reported corrupt emails leaked online from cyberattackers who successfully used the security loophole to breach the systems of Italian online surveillance firm Hacking Team.
IMPACT ON THE FUTURE OF WINDOWS
This security vulnerability has come at an extremely unfortunate time for Microsoft, who has been eager to put the universally-despised nightmare that is Windows 8 behind them, with the release of Windows 10 in just two weeks. Microsoft has been proud to announce on multiple occasions that Windows 10 would have the best security system to date, outshining all other operating systems—a claim that has since been massively weakened, as it has been shown to be just as susceptible to cyberattacks as its previous versions. However, Microsoft still aims to keep to their schedule, sticking to their original release date of July 29th.
