New Delhi: Over a billion people across the globe were suddenly thrown into a tizzy after the story on a data-mining firm lifting Facebook profiles to sway elections came to light. While the debate over social media giant’s ability to protect users’ privacy is still going on, the bigger question on online security looms.
Fear of cyber attack, online siphoning of money and hacking of personal data have often perturbed people.
We are frequently reminded to not download any unknown app or play those Facebook quizzes or open those sleazy emails which keep sneaking into our inbox.
But do you know that even a visit to a seemingly harmless looking website can compromise you completely?
According to the latest Microsoft security updates, there are at least five critical vulnerabilities in your Windows operating system which allows a hacker to get access to your computer by just luring you to visit a website.
As per the update, ‘a remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits the vulnerability could take control of the affected system’.
‘The attacker can then install programs; view, change, or delete data; or create new accounts with full user rights.’ If you have administrative user rights then the impact on your system would be even greater.
The good news is Microsoft has released its April Patch Tuesday, which addresses these vulnerabilities in Windows operating systems and some of the other products. Patch Tuesday or Update Tuesday is an unofficial term used to refer to when Microsoft releases security patches for its software products.
But those who do not patch up their software can be in for some trouble as this can be exploited by both Web-based attacks and even file sharing attacks.
In a web-based attack scenario, an attacker can host a specially crafted website that is designed to exploit this loophole and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, he would have to convince users to take action, typically by getting them to click a link in an email or an instant message that takes users to the attacker's website, or by opening an attachment sent through email.
In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to take advantage of and then convince users to open the document file.
Thus if you are a windows user, it is best advised to update the Patches as soon as you can. This will not ensure that you can never be hacked but would at least heighten the level of deterrence.
Comments
0 comment