Microsoft has released security fixes against security vulnerabilities in both Office and Windows that was actively abused by hackers to infiltrate user's
computer. These exploits are one-click attacks which means that the hackers can plant a malware or even get access to a victim's computer with minimal user interaction. As reported, at least two flaws can be exploited by tricking someone into clicking a malicious link on their Windows computer. Another flaw can help the hackers in planting malicious Office files. In the bug reports, Microsoft accepted that input of security researchers in Google's Threat Intelligence Group came when they discovered the vulnerabilities. One of the bugs was found in Windows shell which works as the power source of OS' interface. Now, when a victim clicks on any malicious link from their computer, the bug lets the hackers bypass Microsoft's SmartScreen that regularly filters malicious links and files. As mentioned by security expert Dustin Childs, the bug can be abused to plant malware remotely on the victim's computer. He said, 'There is user interaction here, as the client needs to click a link or a shortcut file. Still, a one-click bug to gain code execution is a rarity.' Here’s What Nvidia CEO Jensen Huang Said About AI Spending By Google, Microsoft, Meta And Amazon The second bug tracked in the process was found in Microsoft's proprietary browser engine MSHTML. As said by Microsoft, this one allows the hackers to bypass security features in Windows to plant malware. And independent security reporter Brian Krebs said that Microsoft also patched three other zero-day bugs in its software that were being heavily exploited by the hackers.
How To Stay Safe?
The best way to do the same is to first download the latest Windows and Office update versions as soon as possible because Microsoft has patched more than 50 vulnerabilities out of which a lot were zero day. Zero day attacks are triggered through the victim clicking on malicious links, so make sure that you don't click any random link from an unknown source on your PC. Always keep a spam or phishing filter active on your device.
