Security News > 2020 > March > Windows users under attack via two new RCE zero-days

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns.
"There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane," the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.
"For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities," Microsoft added.
The company did not offer more details about the attacks nor did it say when the security updates will be released, but has noted that to receive them for Windows 7, Windows Server 2008, or Windows Server 2008 R2 users will have to have an Extended Security Updates license.
Microsoft has updated the advisory to say that "The threat is low for those systems running Windows 10 due to mitigations that were put in place with the first version released in 2015," and that they are not aware of any attacks against the Windows 10 platform.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/QTN1eeBVEqg/
Related news
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)