Microsoft Windows malware has zero-day exploits for Windows 10 users with zero-days installed, a researcher said Friday.
The zero-deployment vulnerability was discovered by a security researcher who works with ZeroDay, a security advisory firm that has been working on Windows 10 since December, and shared the details on a ZeroDay blog.
He said that the exploit was first spotted by a Microsoft Security Advisory Board member, but it was only made public after a Windows Insider user posted it.
The exploit is an attempt to bypass the Windows 10 firewall, the researcher said.
The exploit requires users to click on an icon in the taskbar, which would open an open file with the following description:A security advisory has since been published.
It includes details about the exploit and a workaround to stop the attack.
The flaw has been around since at least December, when the researcher first discovered the exploit.
A Microsoft security advisory dated March 11 said that Windows 10 had two zero-downtime exploits, one of which allowed a malicious app to run silently and another that allowed it to silently inject itself.
A malicious app can do this by downloading and executing code from an unknown location and then running the executable to install a Trojan horse.
The Trojan horse can then download and run arbitrary code, which can then run code to download and execute other malicious code.