The world might be trying to fight one of the worst pandemics of recent history with Covid-19, but that doesn’t mean there aren’t other viruses and vulnerabilities out there, especially when it comes to our computer systems. Microsoft has revealed the existence of a new remote code execution vulnerability that exists in all supported versions of Windows and has recently been exploited in a number of limited attacks.
The flaw involves the Adobe Type Manager Library, which Windows utilises to render fonts. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” according to Microsoft. The vulnerability has a severity level of “critical,” which is the company’s highest rating. It has been marked critical because of the level of risk it poses to the user, though it does appear that nothing drastic has occurred as a result of the flaw, which is otherwise pretty difficult to exploit.
No patch currently exists to fix the flaw, although Microsoft’s advisory notes that updates to address security vulnerabilities are usually released as part of Update Tuesday, typically scheduled for the second Tuesday of every month. In theory, that means we could get an update around April 14, though given the critical nature of this vulnerability, it’s likely Microsoft will get a patch out as soon as possible.
For the time being, though, Microsoft offers instructions for a few temporary workarounds in its advisory, such as disabling the Preview Pane and Details Pane in Windows Explorer.
Last Updated: March 24, 2020