Hackers Are Exploiting Previously Undisclosed Windows Vulnerability

Posted on March 24, 2020 by Mehedi Hassan in Windows, Windows 10 with 4 Comments

Microsoft has discovered a new vulnerability that is being exploited by attackers in all supported versions of Windows.

The previously undisclosed vulnerability affects Windows 10 as well. There is currently no patch available for the vulnerability, but Microsoft is actively working on a fix (via TechCrunch).

The security vulnerability is to do with the Adobe Type Manager Library in Windows. “Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” notes Microsoft.

Attackers can exploit the vulnerability by luring users into open or preview a “specially crafted” document which, when opened, could allow the attacker to remotely run malware on the user’s device.

Microsoft has provided some possible workarounds for the issue here.

The more worrying problem here is that Microsoft says it is aware of “limited target attacks” that are leveraging this vulnerability and has listed it as a critical vulnerability. Microsoft will be releasing a fix for this issue for all supported versions of Windows — however, it won’t be releasing the fix for the regular, non-enterprise version of Windows 7 as it’s already reached end of support earlier this year.

Tagged with ,

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register