Last night, Microsoft noted there’s an unpatched bug in Windows that might allow attackers to install malware or ransomware on your system through specially crafted documents.
Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.
As ArsTechnica noted, the “Adobe Type Manager Library” is a system file often used to manage and render fonts published by Adobe in documents.
Recently, hackers have been using coronavirus related documents to steal data from people. With this new vulnerability out in the open, some might try and take advantage of the situation.
So, until Microsoft issues a bug fix, it’s advisable to not download or open unknown documents, and disable the preview pane.
We’ll keep tabs on when the company issues an update, and notify you, so that you can safely use your system.