What you need to know
- Microsoft disclosed a "critical" new Windows flaw today.
- The vulnerability affects all supported versions of Windows.
- Hackers are actively exploiting the unpatched flaw in "limited, targeted attacks," Microsoft says.
Microsoft today posted a security advisory disclosing a new, unpatched vulnerability in Windows. The flaw is rated as "critical" in severity, and it affects all supported versions of Windows. Microsoft says it is working on a fix, but there's currently no patch available (via TechCrunch).
"Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format," Microsoft said in its security guidance. "There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane."
Microsoft says that it is aware of "limited, targeted attacks" that attempt to use the vulnerability. As for when a patch may be available, Microsoft simply says that patches that "address security vulnerabilities in Microsoft software are typically released on Update Tuesday." That would put a date for a potential patch at April 14.
In an accompanying FAQ, Microsoft clarifies that the Windows Explorer Preview Pane is an attack vector for this vulnerability, but the Outlook Preview Pane is not. The company also clarifies that Windows 7 machines will be patched only for customers with an extended security update license. Windows 7 reached end-of-support on January 14.
What's that laptop in the thumbnail?
It's the Surface Laptop 3.
I honestly can't wait for a future Surface Go with Windows 10X and legacy Win32 app support... the fluidity of Android, security of iOS... and I can still run my old apps... and not worry about stuff like this.