Microsoft warns of two Windows zero‑day flaws

Updates for the critical-rated vulnerabilities, which are being actively exploited in the wild, are still weeks away



Attackers are actively exploiting two previously undisclosed security vulnerabilities that affect all supported as well as some of the no-longer-supported versions of the Windows operating system, Microsoft announced in an out‑of‑band advisory on Monday.


The security flaws, rated as critical, are being abused for limited targeted attacks. This would imply campaigns by advanced threat actors compromising carefully chosen targets. That said, citing the need to “help reduce customer risk until the security update is released”, the tech giant disclosed the flaws publicly.


“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” said the tech giant. Adobe Type Manager is a font management tool that helps Windows handle and render fonts.


Bad actors can leverage the flaws in several ways, including by tricking their targets into opening a booby-trapped file or into viewing it in the Windows Preview pane, said Microsoft.



Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://t.co/tUNjkHNZ0N


— Security Response (@msftsecresponse) March 23, 2020


Patch?


The flaws affect all supported versions of Windows, including Windows 10, as well as systems that are ..
