It turns out that hackers are using this feature to deliver a new kind of malware known as MineBridge. Most victims receive some kind of an email that apparently contains the job resume of a potential applicant. If the user only skims through the resume things will be fine, but if they were to select the option that would enable editing of said document, malicious actors will be able to access the Windows Finger command use it to deliver and activate the malware.
While this is the first time that Windows Finger has been used to actively deliver malware, it is the second time overall that it’s been used to bypass system security. This allowed malware to be uploaded through other means without raising any alarms.
Microsoft really needs to do something to fix this issue because of the fact that this is the sort of thing that could potentially end up causing a lot of problems for Windows 10 users that are out there. It’s currently unknown if and when Microsoft would end up fixing this issue, so until then it is recommended that all Windows 10 users block this command from being operational. That way even if you get a malware infected file it wouldn’t be able to access the command and subsequently the malicious actor will have failed in their attempts to gain access to your system.
No comments:
Post a Comment