Windows 10 users are under attack by cybercrime, thanks to a critical vulnerability with no available fix. Microsoft confirms: Un-patched vulnerabilities in the Adobe Type Manager Library are leveraged
Windows 10 users are under attack by cybercrime, thanks to a critical vulnerability with no available fix. It has been confirmed by Microsoft in a security update. The company revealed that “is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane. Microsoft is aware of this vulnerability and working on a fix”.
The cyber security experts: The problem involves a “type 1 font parsing remote code execution” flaw
According to the cyber security experts, The Windows 10 critical problems involve a “type 1 font parsing remote code execution” flaw. It means that cybercrime could leverage unpatched vulnerabilities in the Adobe Type Manager library, if the victim opens the malicious document, or views it in the Windows Preview panel. Until the patch will be released, users could apply a workaround of disabling the review and details panes in Windows Explorer to prevent malicious files from being viewed. Even then, though, this won’t stop a local and authenticated user from running a program that is crafted to exploit the vulnerabilities.