Highlights:
- The attacks have been in control so far
- Microsoft might release a patch via the Update Tuesday tradition
- As of now, the company advises disabling the Preview Pane and Details Pane in Windows Explorer as a temporary workaround
Microsoft has announced the news of a new remote code execution vulnerability that is found in almost all supported versions of Microsoft Windows, and in the current situation, it is being exploited in “limited targeted attacks.” This means, in case a hacker is successful at pulling off an attack, the threat actor could remotely run code or a malware on the victim’s device.
More on the vulnerability bit
The flaw basically has the Adobe Type Manager Library, which assists Windows render fonts. According to Microsoft, “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
Currently, the company does not have any patch available to deal with the flaw, however Microsoft’s advisory states that the update to work on such security vulnerabilities is often launched as a part of the Update Tuesday, normally scheduled for second Tuesday of every month.
Mathematically, the next update is due to be released on April 14 2020.
In a statement, Microsoft emphasized on its standard Update Tuesday policy, however, the tech giant has not given out any specific date or commitment as to when a patch might be made available.
As temporary relief, Microsoft offers instructions for a workaround instructing users to disable the Preview Pane and Details Pane in Windows Explorer.