Microsoft has just fixed no fewer than 4 flaws affecting Windows 10. 3 of them allow remote code execution, while the last allows a hacker to gain administrator access.
4 vulnerabilities to take control of a remote or local PC
Security holes that have not yet been closed are called 0-days. Microsoft has just fixed 4 very serious ones that allowed an attacker to take control of a machine running Windows 10 and, in some cases, Windows 7, even though it will no longer receive updates. The first 2 vulnerabilities, identified as CVE-2020-1020 and CVE-2020-0938, affect a DLL library provided by Adobe for managing fonts. A hacker can then perform actions such as reading, modifying or deleting data, or even creating an administrator account.
Microsoft confirms that these vulnerabilities are being used by hackers in phishing campaigns, which the company describes as small in scale. They also affect Windows 7. The third security vulnerability, CVE-2020-0674, involves the script engine that is loaded in memory and used by Internet Explorer. The attack would then take the form of a compromised website. All versions of Windows are affected, and Internet Explorer should not be used.
Finally, the last flaw, CVE-2020-1027, works locally and gives the hacker administrator rights. Microsoft, however, did not provide details on the conditions necessary to trigger it. 3 of these flaws were discovered by the Google security group. The 4th was a joint discovery by Google and researchers from Qihoo 360, best known for its 360 Total Security suite.
The most important advice for guaranteeing the security of an information system, in this case a Windows 10 PC, is to install updates as soon as they are available, even though they can sometimes cause problems, such as the update that deleted files and that Microsoft finally advised uninstalling. Nevertheless, we highly recommend updating to the latest version for security reasons.