Windows PCs could be at risk from a major security flaw triggered by one of the platform’s most popular software offerings.
A leading security researcher has highlighted a vulnerability that would allow hackers to take over control of an entire PC simply by loading some malicious code using Notepad.
Once exploited, this could allow hackers to gain access over all processes within the system. The flaw dates all the way back to the time of Windows XP, meaning a wide range of devices could still be at risk.
Security flaws found in many major kernel driversWindows Defender is the best antivirus around, testing lab claimsBest Windows 10 antivirus of 2019
Google Project Zero expert Tavis Ormandy discovered the flaw, which exploits a shortcoming in the Windows Text Services Framework that oversees keyboard layouts and text input.
A component within the system, CTextFramework, can be hacked through apps that interact with it to process showing text on screen. Ormandy found that the security protocols governing the system can be easily bypassed, allowing hackers to escalate their access privileges and gain access to multiple systems across the victim’s device.
These are the kind of hidden attack surfaces where bugs last for …read more