Microsoft has discovered a new vulnerability that is being exploited by attackers in all supported versions of Windows.
The previously undisclosed vulnerability affects Windows 10 as well. There is currently no patch available for the vulnerability, but Microsoft is actively working on a fix (via TechCrunch).
The security vulnerability is to do with the Adobe Type Manager Library in Windows. “Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” notes Microsoft.
Attackers can exploit the vulnerability by luring users into open or preview a “specially crafted” document which, when opened, could allow the attacker to remotely run malware on the user’s device.
Microsoft has provided some possible workarounds for the issue here.
The more worrying problem here is that Microsoft says it is aware of “limited target attacks” that are leveraging this vulnerability and has listed it as a critical vulnerability. Microsoft will be releasing a fix for this issue for all supported versions of Windows — however, it won’t be releasing the fix for the regular, non-enterprise version of Windows 7 as it’s already reached end of support earlier this year.