An unpatched vulnerability has been discovered that affects almost all versions of Windows. Microsoft warns that users could be attacked this way.
This is a vulnerability in the Adobe Type Manager Library. Microsoft provides guidelines to mitigate customer risk until the security update is released.
There are two vulnerabilities in remote code execution in Microsoft Windows when the Adobe Adobe Type Manager Library in Windows does not properly handle a specially crafted multi-master font, Adobe Type 1 PostScript format.
There are multiple ways that an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or view it in the Windows Preview window.
“Microsoft is aware of this vulnerability and is working on a fix. Updates that address the vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of every month.
This predictable schedule ensures partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customer,” the company reports.
The vulnerability can exploit virtually all recent versions of Windows. This includes Windows Server 2008, 2012 and 2016. Also, the no longer supported Windows 7 is mentioned. Microsoft explains more about the vulnerabilities and how to mitigate them.
