Mar 24, 2020, 17:50 pm
Today, Microsoft warned billions of Windows users that hackers are actively exploiting two critical zero-day vulnerabilities that could allow bad actors to take complete control of targeted computers. According to a security advisory, the vulnerabilities are being used in "limited targeted attacks," and all supported Windows operating systems could be at risk.
The flaws exist in the Windows Adobe Type Manager Library, which allows apps to manage and render fonts available from Adobe Systems. Attackers may exploit the vulnerabilities by getting their targets to open booby-trapped documents or view them in the Windows preview pane.
Microsoft is still working to fix the vulnerabilities. The earliest it will issue a patch is likely April 14th. Microsoft typically releases security updates on Update Tuesday, the second Tuesday of each month. In the meantime, there are a few workarounds, including disabling the preview pane and details pane in Windows Explorer. Microsoft has detailed the steps users should take here:
https://portal.msrc.microsoft.com/en-US/.../ADV200006
https://www.engadget.com/2020-03-23-micr...nager.html
The flaws exist in the Windows Adobe Type Manager Library, which allows apps to manage and render fonts available from Adobe Systems. Attackers may exploit the vulnerabilities by getting their targets to open booby-trapped documents or view them in the Windows preview pane.
Microsoft is still working to fix the vulnerabilities. The earliest it will issue a patch is likely April 14th. Microsoft typically releases security updates on Update Tuesday, the second Tuesday of each month. In the meantime, there are a few workarounds, including disabling the preview pane and details pane in Windows Explorer. Microsoft has detailed the steps users should take here:
https://portal.msrc.microsoft.com/en-US/.../ADV200006
https://www.engadget.com/2020-03-23-micr...nager.html