Hackers attacking Windows users using unpatched vulnerability – Microsoft

MANILA, Philippines – Microsoft reported two vulnerabilities being actively exploited by attackers to allow them to install malware or ransomware on a computer remotely. TechCrunch added a patch will be released on April 14, though not for all affected Windows versions.

The advisory, posted Monday, March 23, is based off of how Windows handles and renders fonts.

"Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format," said Microsoft

Attackers are trying to exploit this by getting users to fall for opening a "specially crafted document or viewing it in the Windows Preview pane." Once activated, the attacker can use remote code execution to set up malware on your device.

The advisory noted Windows 7 was also affected. Only enterprise users of WIndows 7 with extended security support will get the future patch, however.

A number of workarounds are available to help protect users from possible attack, including disabling the Preview Pane and Details Pane in Windows Explorer, among others. A full list of workarounds can be found here.  – Rappler.com

 

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image