Microsoft warns Windows users of two security holes already under attack

Ruben Fields
March 24, 2020

'Microsoft is aware of this vulnerability and working on a fix, ' the security advisory continued.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.

Hackers are exploiting a pair of previously unknown vulnerabilities in Windows that can be used to create booby-trapped documents that can help take over your computer, according to Microsoft.

Microsoft has just announced the release of new optional patches for the latest versions of Windows 10.

As we're getting closer to April, we're also looking forward to seeing if Microsoft will start rolling out Windows 10 version 2004 next month. For systems running supported versions of Windows 10, Microsoft said a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

Buckingham Palace staffer reportedly contracts coronavirus
It is unclear if she had closely communicated with the unnamed aide who went down with the infection early last week. Every member of staff they came into contact with has been placed in self-isolation, the publication reports .

Users of Windows 7, Windows Server 2008, or Windows Server 2008 R2 are required to have an ESU license to receive future security updates fixing these issues (more information here). The update is not being released to all Windows 7 customers since the operating system reached end of support on January 14, 2020. In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available. Once the document is opened - or viewed in Windows Preview - an attacker can remotely run malware, such as ransomware, on a vulnerable device.

Microsoft has provided some possible workarounds for the issue here.

For Windows 8.1 operating systems and below, Microsoft said using the Registry Editor incorrectly can cause serious problems that may require users to reinstall their operating systems.

Until the patch is issued, you can avoid being targeted by not downloading files from unreliable sites/sources. For example, disabling the preview pane in Windows Explorer will prevent a malicious file from being viewed, but it doesn't stop local attacks and Open Type fonts won't be automatically displayed.

Other reports by

Discuss This Article