Microsoft has published an advisory regarding a new remote code execution vulnerability currently being exploited by attackers.
In the advisory, Microsoft stated that it had become aware of “limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library.”
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.”
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted document or to view it in the Windows Preview pane.
In a chart published in the advisory, Microsoft rates the severity of the RCE as critical, adding that it affects machines running desktop and server Windows releases, including Windows 7, Windows 8.1, Windows 10, and numerous versions of Windows Server.
Microsoft is currently working on a fix.
Microsoft notes that “updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month,” so the fix may be expected on April 14.
To reduce the risks of attacks, Microsoft customers are advised to disable the Preview and Details panes in Windows Explorer to prevent the automatic display of OTF fonts in Windows Explorer.
“While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability,” Microsoft adds.
Customers can also disable their WebClient service to help protect vulnerable systems from any attempts to exploit the vulnerabilities by “blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service.”
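As an added illustration, not code from the article or from Microsoft, the following PowerShell applies both workarounds described above and reports their state so an administrator can verify them on a machine or across a fleet. The registry path and the NoPreviewPane/NoReadingPane value names are assumed from Microsoft's published workaround guidance and do not appear in the article; the WebClient service name is the one the advisory gives.

```powershell
# Added example: apply and verify the Preview/Details pane and WebClient workarounds.
# Assumption: the Explorer pane settings live under this HKCU key as DWORD values
# NoPreviewPane and NoReadingPane (taken from Microsoft's workaround guidance, not
# quoted in the article). The HKCU change applies to the current user only; the
# service change requires an elevated prompt.
$ExplorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Disable-ExplorerPanes {
    # NoPreviewPane = 1 hides the Preview pane; NoReadingPane = 1 hides the Details pane.
    # Together they stop Explorer from rendering an embedded font just to show a file.
    if (-not (Test-Path $ExplorerKey)) { New-Item -Path $ExplorerKey -Force | Out-Null }
    Set-ItemProperty -Path $ExplorerKey -Name 'NoPreviewPane' -Value 1 -Type DWord
    Set-ItemProperty -Path $ExplorerKey -Name 'NoReadingPane' -Value 1 -Type DWord
}

function Disable-WebClientService {
    # Stopping and disabling WebClient removes the WebDAV path the advisory calls the
    # most likely remote vector. Hosts that rely on WebDAV shares will lose that access.
    Stop-Service -Name 'WebClient' -Force -ErrorAction SilentlyContinue
    Set-Service -Name 'WebClient' -StartupType Disabled
}

function Get-WorkaroundStatus {
    # Returns one object per host that an inventory or compliance job can collect.
    # Note: as the article says, these settings do not stop a local, authenticated
    # user from running a crafted program; they only close the preview/WebDAV vectors.
    $props = Get-ItemProperty -Path $ExplorerKey -ErrorAction SilentlyContinue
    $svc   = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        PreviewPaneOff    = ($props.NoPreviewPane -eq 1)
        DetailsPaneOff    = ($props.NoReadingPane -eq 1)
        WebClientStopped  = ($svc.State -eq 'Stopped')
        WebClientDisabled = ($svc.StartMode -eq 'Disabled')
    }
}

Disable-ExplorerPanes
Disable-WebClientService
Get-WorkaroundStatus | Format-List
```

Run the status function on its own from a scheduled task or remoting session to confirm the workarounds are still in place until the patch is installed.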