Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.
Both vulnerabilities reside in the Windows Adobe Type Manager Library, a font parsing software that not only parses content when open with a 3rd-party software but also used by Windows Explorer to display the content of a file in the ‘Preview Pane’ or ‘Details Pane’ without having users to open it.
The flaws exist in Microsoft Windows when the Adobe Type Manager Library improperly “handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” allowing remote attackers to execute arbitrary malicious code on targeted systems by convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.
“For systems…
http://feedproxy.google.com/~r/TheHackersNews/~3/d9OPQJ-_SF8/windows-adobe-font-vulnerability.html