Microsoft has found a previously undisclosed vulnerability its Windows operating system for PCs. The vulnerability can be found in all supported versions of Windows, including Windows 10. Microsoft announced the vulnerability in an advisory, which said that it is being exploited in the form of limited targeted attacks. It means that if a hacker successfully pulls off an attack on a computer, they could remotely run a malware on the victim’s device. The vulnerability involves Adobe’s Type Manager Library that is used to render fonts in Windows.
In its advisory, Microsoft said that the limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, through which an attacker can leverage fonts. The company further provided guidelines to users in order to minimize the risk until a security update is released. Using this vulnerability, an attacker can trick a user into opening a specially crafted document or view it in the Windows Preview pane, through which they can remotely run a malware or a malicious code on a victim’s device.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the Microsoft advisory said. The vulnerability has been rated ‘critical,’ Microsoft’s highest rating.
Now, although Microsoft has said that it is working on a fix, the company notes that updates to address security vulnerabilities are usually released as part of Update Tuesdays, which is the second Tuesday of every month. In the meantime, it has listed out instructions for a few temporary workarounds in the advisory, like disabling Preview Pane and Details Pane in Windows Explorer. Microsoft has also listed out the Windows versions that are affected by this vulnerability.
In its statements to The Verge and TechCrunch, Microsoft said that the security patch for this vulnerability will land on the next Update Tuesday, slated for April 14.