On the 23th of March 2020, Microsoft released a security advisory for two remote-code-execution vulnerabilities affecting all versions of Windows. The two vulnerabilities are linked to the Adobe Type Manager Library. An attacker could exploit these vulnerabilities by convincing a user to open or preview a specially crafted document.
Microsoft is aware of ongoing attacks which could exploit these 0-days vulnerabilities. A patch is not available yet but Microsoft provides advice on workarounds to limit the exploitability of the vulnerabilities.
Lien vers l'article source