Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
Content source
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-hackers-abusing-windows-adobe-library-zero-days/
Microsoft warned today of targeted attacks actively exploiting two zero-day remote code execution (RCE) vulnerabilities found in the Windows Adobe Type Manager Library and impacting all supported versions of Windows.

"Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released," the company says.

The two RCE security flaws exist in Microsoft Windows "when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format."

Microsoft has rated the vulnerabilities as Critical and says that they are impacting machines running desktop and server Windows releases, including Windows 10, Windows 8.1, Windows 7, and multiple versions of Windows Server.

Microsoft says that a fix for the vulnerabilities is currently being developed and hints at a future release coming during next month's Patch Tuesday (on April 14).

"Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month," the advisory reads.

"This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers."

Users of Windows 7, Windows Server 2008, or Windows Server 2008 R2 are required to have an ESU license to receive future security updates fixing these issues (more information here).
Click to expand...
 
  • Like
  • +Reputation
  • Thanks
Reactions: Parsh, Antus67, Protomartyr and 20 others
Stopspying

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
An alternative summary is here if you are not logged in on a Microsoft account and can't read the linked articles as I found
www.windowscentral.com

Need to quickly screen-record an app? Use this hidden feature in Windows 10

In this guide, we'll show you the steps to screen-record an app on Windows 10 without the need to use third-party software, via the built-in Xbox Game Bar app.
www.windowscentral.com www.windowscentral.com
 
  • Like
Reactions: Venustus and Protomartyr
blacksheep

blacksheep

Level 4
Verified
Well-known
Mar 8, 2020
182
Microsoft says attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows, including Windows 10.

But the software giant said there is currently no patch for the vulnerability.

The security flaw, which Microsoft deems “critical” — its highest severity rating — is found in how Windows handles and renders fonts, according to the advisory posted Monday. The bug can be exploited by tricking a victim into opening a malicious document. Once the document is opened — or viewed in Windows Preview — an attacker can remotely run malware, such as ransomware, on a vulnerable device.

The advisory said that Microsoft was aware of hackers launching “limited, targeted attacks,” but did not say who was launching the attacks or at what scale.

Microsoft said it was working on a fix but that the advisory should serve as a warning until a patch is released. Although Windows 7 is also affected, only enterprise users with extended security support will receive patches. In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available.

The software giant typically releases its security fixes on the second Tuesday of each month, but occasionally issues out-of-band patches in severe cases.

When reached, a spokesperson for Microsoft reiterated the contents of the post and suggested the patch would land on the next Patch Tuesday, slated for April 14.

techcrunch.com

Microsoft says a new Windows zero-day flaw is under attack

A patch could be weeks away.
techcrunch.com techcrunch.com
 
  • Like
  • Thanks
Reactions: Parsh, Venustus, Protomartyr and 3 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
Replies
0
Views
1,062
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
Replies
2
Views
944
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
Replies
2
Views
1,512
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top