If you are one of those who think Microsoft’s efforts of convincing users to move to Windows 7 is nothing more than a money-making campaign, perhaps this announcement might help to change your mind a little. According to a security bulletin posted by Microsoft very recently. A zero-day flaw which could potentially allow hackers to remotely take over your PC has been found to affect all versions of Windows prior to Windows 7.
When you have a company as big as Microsoft producing the one and only operating system used by more than 80% of the world’s PC users, it goes without saying that the target board on the back of Windows is large enough for attackers to score a direct hit somehow, regardless of their accuracy. And it appears that another stray projectile has managed to strike the Windows target board: Microsoft has issued an advisory cautioning users about a new zero-day flaw which has just been exposed in Windows.
According to the Security Advisory posted on its web site, the Redmond company has confirmed that it has received public reports about a flaw in the Windows Graphics Rendering Engine which, if exploited, can open the doors for hackers to remotely seize control of a user’s PC. And the consequences of such an outcome is not exactly the most desirable: Microsoft is claiming that attackers who gain access to a user’s PC via this flaw have full read/write permissions on the OS and can even create new Admin accounts to lock out the original users.
Sounds scary, doesn’t it? But the bad news does not end there. While one would expect Microsoft to have a patch ready for users to download, the unfortunate truth is that there is no such download available for users yet. Instead, Microsoft is suggesting that users work around the flaw by making a few changes to the Access Control List of the shimgvw dynamic library via the Command Prompt or Powershell. 64-bit Vista users have it worse off though, as the workaround requires six different text-based commands to be entered, which is not exactly the most elegant and user-friendly workaround to deal with.
Still, there is some good news to look forward to: apparently, Windows 7 is not affected by this zero-day flaw, so Windows 7 users can continue with their online needs without much interruptions. And if you are still on a version of Windows that is not Windows 7…well, perhaps the time has come to finally bite the bullet and start upgrading.
Reference: Microsoft Security Advisory