Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns.
The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released.
More about the new Windows zero-days
According to the security advisory published on Monday, the vulnerabilities arise from the affected library’s improper handling of a specially-crafted multi-master font – Adobe Type 1 PostScript format.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.
The flaws affect:
Windows 10
Windows 8.1
Windows 7
Windows RT 8.1
Windows ..
Support the originator by clicking the read the rest link below.
