Microsoft has warned that hackers are actively exploiting a zero-day vulnerability affecting all versions of Windows. The remote code execution flaw stems from the way Windows handles and renders fonts using the Adobe Type Manager Library.
The Redmond company has rated the vulnerability critical and has stated that, if hackers exploit it, they could control the target PC remotely and even install malware to steal information.
However, Microsoft mentioned in the advisory that it has witnessed “limited, targeted” attacks until now, and it hasn’t disclosed the hacker(s) behind the attacks.
To exploit the flaw, Microsoft says, an ill-intentioned hacker could convince users to open a specially crafted document or trick them into opening it in the Windows Preview pane.
The flaw affects all versions of Windows, including Windows 10, Windows 7, Windows 8.1, Windows Server 2008, and Windows Server 2012.
Talking about the fix for the flaw, Microsoft is exhibiting a lax attitude. The company says it’s working to fix the RCE flaw, but we should only expect the fix to land alongside the next Patch Tuesday update, which will arrive on April 14.
Meanwhile, Microsoft has suggested some workarounds that you can put in place to evade potential threats. These include disabling the Preview Pane and Details pane in Windows File Explorer. Doing so will prevent Windows from automatically displaying OTF fonts.