Windows has a zero-day that won’t be patched for weeks

The Remote Code Execution vulnerabilities affect the Adobe Type Manager Library, the part of Windows that manages PostScript Type 1 fonts.
Importantly, the same danger would arise even if users viewed that document using the preview features of the Windows File Explorer file manager.
Dll was another mitigation for versions of Windows before Windows 10 1709, with instructions on how to do this for different older versions covered in the advisory.
Importantly, Windows 7 users whose installations lack an Extended Security Updates agreement won't receive patches for these flaws.
This is the third time in a matter of weeks that Microsoft has faced having to patch a Windows zero-day after running into some timing problems over patching.
News URL
https://nakedsecurity.sophos.com/2020/03/25/windows-has-a-zero-day-that-wont-be-patched-for-weeks/