Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

2020-03-23 12:18

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.

According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system-including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support on January 14, 2020.

The flaws exist in Microsoft Windows when the Adobe Type Manager Library improperly "Handles a specially-crafted multi-master font - Adobe Type 1 PostScript format," allowing remote attackers to execute arbitrary malicious code on targeted systems by convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

"For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities," Microsoft said.

1) Disable the Preview Pane and Details Pane in Windows Explorer Meanwhile, all Windows users are highly recommended to disable the Preview Pane and Details Pane feature in Windows Explorer as a workaround to reduce the risk of getting hacked by opportunistic attacks.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/d9OPQJ-_SF8/windows-adobe-font-vulnerability.html

#0day #critical #RCE #windows

News URL

Related news