Microsoft discloses new Windows vulnerability
Microsoft today revealed the threat of implementing a new remote code that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via tech crutch). If a hacker successfully Pullof the attack, they can theoretically run code or malware on the infected device.
This error includes the Adobe Type Manager library, which allows Windows to render fonts. According to Microsoft, “there are several ways an attacker can be vulnerable, such as persuading a user to open a specially-created document or viewing it in the Windows preview pane,” according to Microsoft. The risk is the level of “critical” severity that is the company’s highest ranking.
“There is currently no patch to remove the risk”
No patches are currently available to fix this error, though Microsoft Advisory Note states that updates to address security vulnerabilities are typically scheduled on the second Tuesday of each month, Issued as a section. This means that, in theory, the next most recent Tuesday is April 14th.
In a statement to The Verge, Microsoft reiterated its standard update Tuesday policy, but the company did not provide a specific date for when the patch could be released.
Microsoft offers instructions for some temporary tasks in its advisory, such as disabling the preview pane and the details pane in Windows Explorer.