According to Microsoft, attackers are exploiting a flaw in Windows that allows malicious code to enter a fully updated system. In addition, there is no patch yet, which means users are actively at risk.

On March 23, Microsoft issued a security advisory to users stating that it is "aware of a limited targeted attack" that takes advantage of two remote code execution vulnerabilities. The security flaws stem from the Adobe Type Manager Library, which provides Adobe Systems fonts to Windows applications.

The attack could occur if hackers trick victims into opening malicious documents or displaying them in Windows Preview Maintenance of the Adobe Type Manager Library in Windows is the responsibility of Microsoft, not Adobe. It seems that maintenance of the Adobe Type Manager Library on Windows is the responsibility of Microsoft, not Adobe.

Microsoft did not share the details of the attack that prompted this critical-level advisory, but "limited targeted attacks" usually mean that state-sponsored intelligence agencies are exploiting the flaw to compromise specific computer systems.

Microsoft says there is no fix for the vulnerability at this time; according to TechCrunch, a Microsoft spokesperson has indicated that a patch will be available next Patch Tuesday (April 14). Windows 7 systems only eligible for the April patch if operators pay Microsoft an additional fee to continue support past the end date of regular Windows 7 support, which ends in January 2020.

Until the patch is available, all Windows users should be aware of suspicious requests or prompts on their devices. Do not respond to requests to view untrusted documents.

For immediate workarounds, Microsoft recommends disabling the preview and detail panes of Windows Explorer, disabling the WebClient service, disabling the Adobe Type Manager Library DLL library (ATMFD. DLL), and renaming the Adobe Type Manager Library DLL library (ATMFD.

According to Microsoft's advisory, this problem is partially, but not completely, mitigated in all versions of Windows 10 because font drivers are run in isolation from the rest of the operating system.

In Windows 10 build 1709 (2017 Fall Creators Update) and later, ATMFD.DLL is no longer present, but the attack still "executes code within the AppContainer sandbox context with limited privileges and capabilities. . can be executed."

For more information and potential risks of implementing these workarounds, see.