HomeWinBuzzer NewsMicrosoft Confirms Two Windows Zero-Day Vulnerabilities

Microsoft Confirms Two Windows Zero-Day Vulnerabilities

Both new zero-days are more dangerous for Windows 7 and Microsoft says they have already been exploited by attackers.

-

Microsoft has confirmed there are some new zero-day vulnerabilities affecting all versions of Windows that have been exploited by attackers.

According to Microsoft’s official Security Advisory, there are two remote execution vulnerabilities. These flaws are found in the Adobe Type Manager Library, which displays Adobe Type-1 PostScript in Windows.

“Microsoft has become aware of limited targeted Windows 7 based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library and is providing the following guidance to help reduce customer risk until the security update is released. We appreciate the efforts of our industry partners and are complying with a 7-day timeline for disclosing information regarding these limited attacks.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.”

Exploit

Microsoft says a bad actor can exploit the vulnerability through several methods. For example, tricking a victim through a document crafted to look legitimate.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company explained.

While the problem originates in Windows 7, it could also affect Windows 8.1 and Windows 10. Microsoft says people running Windows 10 face a low risk because of mitigations introduced when it launched.

“For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.”

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon