Security News > 2020 > March > Windows has a zero-day that won’t be patched for weeks
The Remote Code Execution vulnerabilities affect Adobe Type Manager Library, the part of Windows that manages PostScript Type 1 fonts.
Importantly the same danger would arise even if users viewed that document using the Windows File Explorer file manager preview features.
Dll was another mitigation for versions of Windows before Windows 10 1709, with instructions on how to do this for different older versions covered in the advisory.
Importantly, Windows 7 users whose installations lack an Extended Security Updates agreement won't receive patches for these flaws.
This is the third time in a matter of weeks Microsoft has faced having to patch a Windows zero day after running into some timing problems over patching.
News URL
https://nakedsecurity.sophos.com/2020/03/25/windows-has-a-zero-day-that-wont-be-patched-for-weeks/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)