Microsoft recently acknowledged unpatched security vulnerabilities in all supported versions of Windows that are currently being exploited in “limited target attacks.” With the help of these vulnerabilities, an attacker can remotely run code or malware on the user’s system.
Microsoft explains that the two remote code execution vulnerabilities occur in Windows when the Windows Adobe Type Manager Library improperly handles fonts in the Adobe Type 1 PostScript format. According to the company, there are many ways an attacker can exploit the vulnerability, for example, “convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.” Microsoft rated this vulnerability “critical,” which is its highest severity rating.
According to Microsoft, no patch is currently available for the vulnerability. The company is working on a fix, which will typically be released on the next Patch Tuesday; Patch Tuesday is the second Tuesday of each month. That means there would be no fix until the second Tuesday of April.
In the meantime, some workarounds can be applied to make attacks more difficult, such as disabling the Details and Preview panes of Windows Explorer, disabling the WebClient service, or renaming the ATMFD.DLL file.
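
A read-only PowerShell check for two of the workarounds above (the WebClient service state and the presence of ATMFD.DLL), added here as an example and not taken from Microsoft's guidance. The function name is hypothetical, the System32 and SysWOW64 paths assume a default Windows installation, and the Explorer pane setting is per-user and is not checked.

```powershell
# Added example: audits workaround state only, changes nothing on the host.
# Assumption: atmfd.dll lives under %windir%\System32 (and SysWOW64 on 64-bit).

function Get-AtmfdWorkaroundStatus {
    [CmdletBinding()]
    param()

    # WebClient service: the workaround is in place when its start mode is Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service `
                           -Filter "Name='WebClient'" `
                           -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $webClient = 'NotInstalled'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $webClient = 'Disabled'
    } else {
        # Report both the configured start mode and the current run state.
        $webClient = "Enabled ($($svc.StartMode), $($svc.State))"
    }

    # ATMFD.DLL: if the file is still present under its original name,
    # the rename workaround has not been applied on this host.
    # An absent file means it was renamed or this Windows build does not ship it.
    $dllPaths = @(
        (Join-Path $env:windir 'System32\atmfd.dll'),
        (Join-Path $env:windir 'SysWOW64\atmfd.dll')
    )
    $present = @($dllPaths | Where-Object {
        Test-Path -LiteralPath $_ -PathType Leaf
    })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WebClientService = $webClient
        AtmfdDllPresent  = ($present.Count -gt 0)
        AtmfdDllPaths    = ($present -join '; ')
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```

Run it from a 64-bit PowerShell session so that the System32 path is not redirected to SysWOW64.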