On Tuesday, Microsoft confirmed the existence of a vulnerability present in several versions of the Windows operating system. If exploited, the glitch could leave users’ computers open to being fully controlled by an outside attacker.
The exploit, first reported on December 15 at a security conference in South Korea, takes advantage of the way Windows’ graphics rendering engine processes certain thumbnail images. The booby-trapped images could be placed in an Office document, a website, or an e-mail.
“An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user,” Microsoft said in a statement. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
If that sounds positively frightening, you may be comforted to hear that so far reports of the vulnerability seem to be strictly theoretical – there are no known reports of an attack taking place in the wild.
The two most recent versions of Windows — Windows 7 and Windows Server 2008 R2 — are reportedly not susceptible to the bug. Microsoft suggests that concerned users of other Windows versions mitigate risks of an attack by running as limited users, not as users will full administrative controls.
Microsoft says that it is currently investigating the bug and may address the problem in a future security update.
Editors' Recommendations
- How Intel and Microsoft are teaming up to take on Apple
- Microsoft just discovered the next big evolution in displays
- Microsoft Surface Laptop 5, Surface Pro 9 heavily discounted today
- Google Sheets vs. Microsoft Excel: Which is better?
- SSD not showing up in Windows? Here are some easy fixes