
Critical new Windows flaw being exploited, Microsoft working on a fix

Surface Laptop 3 15 (Image credit: Windows Central)

What you need to know

  • Microsoft disclosed a "critical" new Windows flaw today.
  • The vulnerability affects all supported versions of Windows.
  • Hackers are actively exploiting the unpatched flaw in "limited, targeted attacks," Microsoft says.

Microsoft today posted a security advisory disclosing a new, unpatched vulnerability in Windows. The flaw is rated as "critical" in severity, and it affects all supported versions of Windows. Microsoft says it is working on a fix, but there's currently no patch available (via TechCrunch).

"Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format," Microsoft said in its security guidance. "There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane."

Microsoft says that it is aware of "limited, targeted attacks" that attempt to use the vulnerability. As for when a patch may be available, Microsoft simply says that patches that "address security vulnerabilities in Microsoft software are typically released on Update Tuesday." That would put a date for a potential patch at April 14.

In an accompanying FAQ, Microsoft clarifies that the Windows Explorer Preview Pane is an attack vector for this vulnerability, but the Outlook Preview Pane is not. The company also clarifies that Windows 7 machines will be patched only for customers with an extended security update license. Windows 7 reached end-of-support on January 14.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

3 Comments
  • What's that laptop in the thumbnail?
  • It's the Surface Laptop 3.
  • I honestly can't wait for a future Surface Go with Windows 10X and legacy Win32 app support..the fluidity of Android, security of iOS..and I can still run my old apps..and not worry about stuff like this.