Microsoft Pushes Emergency Security Fix for Windows

New vulnerabilities that have been exposed as a result of the attack on the Hacking TeamEUs servers continue to wreak havoc. Yesterday, the victim was Microsoft.

The company has issued an emergency security update for its Windows operating system that it described as EUcritical,EU its most severe vulnerability rating. The bug, which appears on the font driver of the operating system, allows an attacker to take control of a userEUs system remotely.

The vulnerability affects all supported versions of Windows, according to Microsoft. The majority of Microsoft customers should be protected if they have automatic updating enabled, since the fix will be downloaded and installed automatically. But customers that install updates manually are advised to do so immediately.

More Fallout from Hacking Team

The patch was released ahead of MicrosoftEUs next regular monthly Patch Tuesday security update. Among the Windows versions affected by the exploit are Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1. The flaw also reportedly affects the Windows 10 Insider Preview.

We spoke with Daniel Kennedy, Research Director at 451 Research, who told us it was noteworthy that Microsoft released the patch outside of its normal security updates.

"Anytime Microsoft releases a patch out of band of their regular security updates, it gains some attention," Kennedy said. "This file was also associated with a privilege escalation vulnerability earlier this month. Companies should follow their reasonable patch management processes, testing the patch, releasing it to a small group of users, and then extending it to all affected users, in an expedited timeframe."

The vulnerability was originally discovered by researchers from computer security firm FireEye. Microsoft is only the latest tech company affected by the fallout from the Hacking Team leak,...

Comments are closed.