Microsoft has officially acknowledged a remote code execution flaw affecting all Windows versions, confirming that it’s aware of limited attacks against its users.Microsoft, however, suggested it wouldn’t release an out-of-band patch to resolve the vulnerability, despite the attacks happening in the wild, and instead would just wait for the next Patch Tuesday due in April to fix it.
The security flaw resides in Adobe Type Manager Library, which Windows uses for fonts. Windows 10, Windows 8.1, and even the unsupported Windows 7 are all vulnerable to attacks.
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” Microsoft read more)
0 Comments