Windows PCs could be at risk from a major security flaw triggered by one of the platform's most popular software offerings.
A leading security researcher has highlighted a vulnerability that would allow hackers to take over control of an entire PC simply by loading some malicious code using Notepad.
Once exploited, this could allow hackers to gain access over all processes within the system. The flaw dates all the way back to the time of Windows XP, meaning a wide range of devices could still be at risk.
- Security flaws found in many major kernel drivers
- Windows Defender is the best antivirus around, testing lab claims
- Best Windows 10 antivirus of 2019
A component within the system, CTextFramework, can be hacked through apps that interact with it to process showing text on screen. Ormandy found that the security protocols governing the system can be easily bypassed, allowing hackers to escalate their access privileges and gain access to multiple systems across the victim's device.
These are the kind of hidden attack surfaces where bugs last for years," Ormandy said. "It turns out it was possible to reach across sessions and violate NT security boundaries for nearly twenty years, and nobody noticed."
The flaw, officially known as CVE-2019-1162, is included as being patched in Microsoft's monthly Patch Tuesday security release, which should be installed as soon as possible.
- The best antivirus software 2019
Via The Register
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.