Attackers are exploiting unpatched Windows zero-day flaws, Microsoft said in a Monday security advisory.
The company said “limited targeted attacks” could leverage two unpatched remote code execution (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.”
Among the ways a hacker could exploit the flaws is convincing users to open “a specially crafted document or viewing it in the Windows Preview pane.” The company said it is working on a fix but, in the meantime, users should apply the recommended mitigations and workarounds to reduce the risk, including disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service and renaming ATMFD.DLL.
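The three interim workarounds above, scripted in PowerShell as an added example; this is not code from the article or from Microsoft's advisory. It assumes the Explorer registry value names (ShowPreviewHandlers, IconsOnly, NoReadingPane, NoPreviewPane) and the takeown/icacls sequence used to rename ATMFD.DLL, so verify them against the advisory for your Windows build before deploying. Run it elevated; the DLL rename takes effect after a reboot.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the advisory's interim workarounds and reports their state.
# Assumed (not from the article): the registry value names below and the
# takeown/icacls sequence; check them against the advisory for your Windows build.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Disable-ExplorerPanes {
    # Per-user: stop Explorer invoking preview handlers and thumbnail extractors,
    # which is the code path that parses a font embedded in a previewed document.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    New-ItemProperty -Path $adv -Name ShowPreviewHandlers -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $adv -Name IconsOnly -Value 1 -PropertyType DWord -Force | Out-Null
    # Policy values that hide the Preview and Details panes (assumed names from the
    # "Explorer Frame Pane" policy templates; verify in your ADMX set).
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $pol)) { New-Item -Path $pol -Force | Out-Null }
    New-ItemProperty -Path $pol -Name NoReadingPane -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $pol -Name NoPreviewPane -Value 1 -PropertyType DWord -Force | Out-Null
}

function Disable-WebClientService {
    # WebClient (the WebDAV redirector) lets an attacker-controlled share deliver
    # the crafted document; disabling it removes that delivery path.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return }                      # service not installed on this SKU
    if ($svc.Status -eq 'Running') { Stop-Service -Name WebClient -Force }
    Set-Service -Name WebClient -StartupType Disabled
}

function Rename-Atmfd {
    # Rename the Type 1 font driver so it cannot be loaded. The file may be absent
    # on newer Windows 10 builds, so test before acting instead of failing.
    $dirs = @("$env:windir\system32")
    if ([Environment]::Is64BitOperatingSystem) { $dirs += "$env:windir\syswow64" }
    foreach ($d in $dirs) {
        $dll = Join-Path $d 'atmfd.dll'
        if (-not (Test-Path $dll)) { Write-Output "skip: $dll not present"; continue }
        Push-Location $d
        try {
            takeown.exe /f atmfd.dll | Out-Null
            icacls.exe atmfd.dll /save atmfd.dll.acl | Out-Null       # saved ACL lets you restore later
            icacls.exe atmfd.dll /grant 'Administrators:(F)' | Out-Null
            Rename-Item -Path atmfd.dll -NewName x-atmfd.dll
            Write-Output "renamed: $dll (reboot required)"
        } finally { Pop-Location }
    }
}

function Get-MitigationState {
    # Quick check of which workarounds are in effect on this host.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PreviewHandlersOff = ((Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue).ShowPreviewHandlers -eq 0)
        WebClientDisabled  = ($null -eq $svc -or $svc.StartType -eq 'Disabled')
        AtmfdRenamed       = -not (Test-Path "$env:windir\system32\atmfd.dll")
    }
}

Disable-ExplorerPanes
Disable-WebClientService
Rename-Atmfd
Get-MitigationState
```

The saved `atmfd.dll.acl` and the `x-atmfd.dll` name make the rename reversible once the patch ships: rename the file back and run `icacls.exe . /restore atmfd.dll.acl` from the same directory. Expect applications that depend on embedded Type 1 fonts to render incorrectly while the DLL is renamed.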
“Creating software is essentially a kind of manufacturing,” said Jonathan Knudsen, senior security strategist at Synopsys, with the finished product “assembled from software components, just as an airplane is assembled from thousands of individual parts. It is the responsibility of the manufacturer to keep track of those parts to make sure they are correct and safe. In this case, Microsoft is actually reporting on an Adobe component which contains vulnerabilities that affect Microsoft’s products.”
In this case, “Microsoft appears to have found out about the vulnerability because it was already being exploited in the wild. This means that they have issued a security advisory, but they will have to hustle to get the patch ready as soon as possible,” Knudsen said.