Microsoft: Two zero-day vulnerabilities in Windows Adobe Type Manager Library are actively being exploited
All supported versions of the Windows operating system are affected
Microsoft has warned of two zero-day Windows vulnerabilities that are currently being exploited by hackers in efforts to take over fully updated systems.
In a security advisory published on Monday, Microsoft warned that the two remote code execution (RCE) vulnerabilities exist in the Windows Adobe Type Manager Library (atmfd.dll) and affect all supported versions of Windows.
This built-in library is used by a variety of applications to render PostScript Type 1 fonts available from Adobe Systems.
"Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-created multi-master font - Adobe Type 1 PostScript format," the company said.
According to Microsoft, attackers could exploit the bug in a variety of ways, such as convincing a potential target to open a specially-created malicious document or to view it in the Preview pane.
The vulnerabilities are rated as "Critical" and are currently being exploited in "limited, targeted" attacks.
Microsoft didn't reveal any details about the volume or geographic locations of exploits. It also refrained from disclosing whether the exploits are successfully executing malicious payloads or merely attempting to.
There is currently no patch available to address the vulnerabilities, although Microsoft said that one may arrive in next month's Patch Tuesday security update, currently scheduled for 14th April.
"Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month," the advisory from Microsoft reads.
Until that time, users can implement workaround mitigations to protect their systems from these Windows zero-day attacks.
These include disabling the Preview and Details panes in Windows Explorer, which will prevent the automatic display of OTF fonts.
Another recommended workaround is disabling the WebClient service, which will help block the remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service.
Microsoft also recommends renaming the ATMFD.DLL library to prevent potential exploits from working.
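As an added example (not taken from Microsoft's advisory or from this article), the following read-only PowerShell function reports whether two of the workarounds above are in place on a host: the WebClient service being disabled and ATMFD.DLL no longer being present under its original name. The function name and the two directories checked under `%windir%` are assumptions; the Preview and Details pane setting is not checked.

```powershell
# Added example: read-only audit of two workarounds described in the article.
# It changes nothing on the system.
function Get-AtmfdWorkaroundStatus {   # hypothetical name
    [CmdletBinding()]
    param()

    # WebClient is the Windows service behind the WebDAV client.
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if ($svc) {
        $state   = $svc.Status.ToString()
        $startup = $svc.StartType.ToString()
        # Mitigated only if it is stopped now AND cannot be started on demand.
        $webClientOk = ($svc.Status -eq 'Stopped') -and ($svc.StartType -eq 'Disabled')
    } else {
        # Service not installed on this host: nothing to disable.
        $state = 'NotInstalled'; $startup = 'n/a'; $webClientOk = $true
    }

    # Assumed locations of the library (64-bit and 32-bit system directories).
    $candidates = @(
        (Join-Path $env:windir 'System32\atmfd.dll'),
        (Join-Path $env:windir 'SysWOW64\atmfd.dll')
    )
    # Any copy still present under the original name means the rename
    # workaround has not been applied for that copy.
    $present = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientState     = $state
        WebClientStartup   = $startup
        WebClientMitigated = $webClientOk
        AtmfdPresentAt     = $present -join '; '
        AtmfdMitigated     = ($present.Count -eq 0)
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```

A `False` in either `Mitigated` field identifies a host where the corresponding workaround still needs to be applied or has been reverted.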
Earlier this month, Microsoft released its monthly Patch Tuesday security update to address a total of 117 security vulnerabilities across various products, including Windows, Office and the Edge web browser.
Of the 117 security flaws fixed by the company, 26 were rated as "critical". One vulnerability was "moderate" in severity, while the rest were "important" flaws.