Microsoft blasted out a security alert today, warning users of its Windows OS of a zero-day vulnerability that is already being exploited by hackers. According to the alert, the zero-day exploit was discovered in the Adobe Type Manager Library (atmfd.dll) that’s used to store PostScript Type 1 fonts in the OS.
To be precise, the vulnerabilities have been narrowed down to two remote code executions (RCE) vulnerabilities that allows hackers to unpackage and run their code on a victim’s PC. And then proceed to execution actions online, without them realising it. Also, the vulnerability affects all versions of Windows and Windows Server OS.
As per the software company’s update, there are multiple ways that a hacker could exploit the vulnerability. One action being the ability to convince users to “open a specially crafted document or viewing on the Windows Preview pane”.
At the time of writing, Microsoft still hasn’t released a patch for the vulnerability. However, the company is suggesting that one may be made available in the next security patch in April.
Meanwhile, it will be publishing a series of mitigations for both companies and general consumers to take if they feel targeted.