HomeWinBuzzer NewsMicrosoft Confirms Two Windows Zero-Day Vulnerabilities

Microsoft Confirms Two Windows Zero-Day Vulnerabilities

Both new zero-days are more dangerous for Windows 7 and Microsoft says they have already been exploited by attackers.


has confirmed there are some new zero-day vulnerabilities affecting all versions of Windows that have been exploited by attackers.

According to Microsoft's official Security Advisory, there are two remote execution vulnerabilities. These flaws are found in the Adobe Type Manager Library, which displays Adobe Type-1 PostScript in Windows.

“Microsoft has become aware of limited targeted based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library and is providing the following guidance to help reduce customer risk until the security update is released. We appreciate the efforts of our industry partners and are complying with a 7-day timeline for disclosing information regarding these limited attacks.

“Two remote code execution vulnerabilities exist in when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.”


Microsoft says a bad actor can exploit the vulnerability through several methods. For example, tricking a victim through a document crafted to look legitimate.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company explained.

While the problem originates in Windows 7, it could also affect Windows 8.1 and . Microsoft says people running Windows 10 face a low risk because of mitigations introduced when it launched.

“For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.”

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News