Hackers attacking Windows users using unpatched vulnerability – Microsoft

Victor Barreiro Jr.
Hackers attacking Windows users using unpatched vulnerability – Microsoft


Microsoft lists a number of workarounds to help avoid getting attacked as a result of the vulnerability. A patch will be released on April 14

MANILA, Philippines – Microsoft reported two vulnerabilities being actively exploited by attackers to allow them to install malware or ransomware on a computer remotely. TechCrunch added a patch will be released on April 14, though not for all affected Windows versions.

The advisory, posted Monday, March 23, is based off of how Windows handles and renders fonts.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” said Microsoft

Attackers are trying to exploit this by getting users to fall for opening a “specially crafted document or viewing it in the Windows Preview pane.” Once activated, the attacker can use remote code execution to set up malware on your device.

The advisory noted Windows 7 was also affected. Only enterprise users of WIndows 7 with extended security support will get the future patch, however.

A number of workarounds are available to help protect users from possible attack, including disabling the Preview Pane and Details Pane in Windows Explorer, among others. A full list of workarounds can be found here.  – Rappler.com


Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.


Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.