The wonderful world of software allows us to do amazing things from smartphones to cloud-based applications. Along with these capabilities comes the potential for vulnerability. While IT leaders do their best to protect networks from malware and hackers, the software itself can sometimes open a door that is difficult to close.
In a recent blog post by software licensing solutions provider, Flexera Software, a recently released Microsoft (News - Alert) Patch Tuesday offers more than enhanced capabilities. According to Flexera, the edition launched this week brings along with it a highly critical vulnerability. As companies aim to shore up their networks for improved operations and security, news such as this isn’t received lightly.
The software licensing solutions provider’s Hossein Lotfi from Secunia (News - Alert) Research suggests that the vulnerability is a core component of all supported versions of Microsoft Windows operating systems, the Unicode Scripts Processor wrapped up in the operating system. Typical exploitation of the vulnerability occurs by way of document exchange or web browsing. Opening a specially created web page or document can unleash the malicious intent.
With this kind of vulnerability at play, patching has to be a priority to protect software licensing machines against exploitation. It’s also pertinent that the risk be mediated for businesses and private users. Hossein notes that there isn’t a nickname for the vulnerability as of yet, and prefers that the information shared with the community sticks to the facts, not the potential hype.
To analyze a vulnerability such as this, Hossein shared that this step is relatively quick and easy. Finding the issue is where the challenge can lie as in this case, it required the use of reverse engineering. As the code quality has improved in recent Windows versions, it can be a bit more challenging to find a vulnerability. And given that a lot of Windows code remains the same over several iterations, a vulnerability that affects several Windows versions is not unusual.
With Microsoft products touching so many different things within the enterprise and small business, such vulnerabilities can affect more than just the immediate user. While IT teams can play an important role in the protection of their networks, relying on producers to shore up their offerings is essential to safe operations.
Edited by Maurice Nagle