Microsoft says aware of new security flaw found in Microsoft Windows
Microsoft (MSFT) said it is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.
Microsoft is aware of this vulnerability and working on a fix.
Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.
This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.
The operating system versions that are affected by this vulnerability are listed below. Please see the mitigation and workarounds for guidance on how to reduce the risk.
The security flaw, which Microsoft deems “critical” — its highest severity rating — is found in how Windows handles and renders fonts, according to the advisory posted.
Although Windows 7 is also affected, only enterprise users with extended security support will receive patches. In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available.
To read timely stories similar to this, along with money making trade ideas, sign up for a membership to Stockwinners.
This article does not constitute investment advice. Each reader is encouraged to consult with his or her individual financial professional and any action a reader takes as a result of information presented here is his or her own responsibility.