Microsoft today admitted that hackers have launched cyberattacks on all yet-to-be-supported Windows devices with an as-yet-undisclosed vulnerability, and there is no security patch for the vulnerability. In a statement released Monday, Microsoft acknowledged that the vulnerability is at the “critical” level, which exists in Windows processing and rendering fonts.
Hackers have now exploited the vulnerability to trick users into opening malicious documents. Once the victim opens the document (or viewit in Windows Preview), an attacker can install a variety of malicious programs on the device, such as ransomware.
The bulletin said hackers had launched “limited, targeted cyberattacks” but did not specify who the attackers were and the scale. Microsoft said it was working on a new patch and would release a fix as soon as possible.
While there is a vulnerability in Windows 7, with the end of the mainstream support cycle, only enterprise users who pay for extended support will receive updates. In addition, a temporary solution is provided in the bulletin so that affected Windows users can mitigate the impact of the vulnerability.