Microsoft Warns of Critical Vulnerability in Windows

Forum Moderators: open

Message Too Old, No Replies

Microsoft Warns of Critical Vulnerability in Windows

engine

11:26 am on Mar 24, 2020 (gmt 0)

Microsoft has warned of a critical vulnerability in Windows which is currently unpatched, which it says is working on a fix.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.

There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

[portal.msrc.microsoft.com...]

lammert

8:15 pm on Mar 24, 2020 (gmt 0)

Adobe type 1 fonts can be used in PDF, so I guess PDF files embedded in emails will be a main attack vector for this vulnerability.

Worth noting is that Microsoft specifically mentions this as "targeted Windows 7 based attacks". Windows 7 support was discontinued not long ago and this is an extra reminder for those still using this OS (note to self) to upgrade to Windows 10.

JS_Harris

10:39 pm on Mar 26, 2020 (gmt 0)

Hopefully nobody needs reminders anymore that nothing done online is ever entirely private or secure.

tangor

12:34 am on Mar 27, 2020 (gmt 0)

... or that Adobe is not your friend.

</dry humor>