Keep Your Business Safe from Current Microsoft Windows Vulnerabilities

On July 20, Microsoft issued a sporadic emergency security update to secure a vulnerability affecting all of the current forms of Windows software.

Windows UpdateThis update was released after the vulnerability was found in a massive cache of emails illegally seized and leaked from Italian IT security company Hacking Team.

Hacking Team, which provides surveillance software to governments and corporations, was subject to an attack earlier this month in which cyber thieves gained 400GB of data from the company, including information on many currently exploitable insecurities in widely-used software.

The new Windows update in question remedied an issue with the Windows Adobe Type Manager Library, as to how the Adobe Type Manager Library font drive analyzes OpenType fonts.

While Microsoft claims there have been no attacks exploiting this particular vulnerability so far, the reality of this weakness’s capacity for allowing wrongful parties to access critical information and control of otherwise secure systems cannot be understated:

  1. Microsoft classifies the vulnerability as “critical”.

This is their most serious threat level, because a successful attack could entirely compromise a Windows device.

  1. This vulnerability could grant hackers total control of the device in question.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” as stated in Microsoft’s update on the leak.

  1. It provides a relatively simple process for hackers to take advantage of unsuspecting users.

Hackers could exploit the bug by having victims open a document containing malformed OpenType fonts, or by taking them to malicious websites with similar content.

  1. Even industry experts recognize the simplicity of exploiting this issue.

“Looks as if it is ‘easy’ to exploit reliably, [so] that’s why they are going out-of-band,” said Wolfgang Kandek, CTO of security vendor Qualys, to computerworld.com.

  1. The vulnerability is even found in unreleased software.

This flaw was found in Microsoft’s upcoming Windows 10 OS, which is starting beta-testing as soon as July 29.

This updated (labelled MS15-078) can downloaded and installed using the regular Windows Updated Service, but you can do more to guarantee the safety of your company’s software! To learn more about protecting your business from software vulnerabilities, contact OffSite IT at (866) 828--6674 or email: info@offsiteIT.com

Alexssa

I first hired John directly as an employee back in 1999.
He was an excellent addition to a growing team at a small technology company. Subsequent to the sale of the company, John branched out on his own and started an IT consulting firm. Since that time, I have not used anyone else. John is capable, personable, has integrity and is also very likable. I would recommend him without reservation.”

  Kevin DiCerbo   

Connect With OffSite IT

  • Los Angeles / Orange County 22607 La Palma Avenue Suite 409 Yorba Linda, CA 92887
  • Chicago 6912 Main Street Suite 214 Downers Grove, IL 60516
  • 1-866-828_-6674 info@offsiteIT.com