Published on: 24 March 2020
Multiple vulnerabilities have been found in the Microsoft Windows Adobe Type Manager library. These vulnerabilities could be exploited by enticing a user to open a specially crafted document or viewing it in the Windows Preview pane of an affected Windows system.
A successful attack could lead to remote code execution on an affected Windows system.
Patches for the affected products are not yet available. System administrators should refer to the following advisory from Microsoft to mitigate the risk of being compromised by the vulnerabilities:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
System administrators should properly assess the impacts before applying the mitigation measures provided in the advisory.
Further, users should constantly remain vigilant against malware infection and are always advised:
(a) Not to open any attachments or click any URLs inside suspicious emails before verifying the email contents with the senders through alternative channels; and
(b) Not to click on any suspicious URLs, visit fraudulent websites or download any suspicious files.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
https://www.kb.cert.org/vuls/id/354840/
https://www.us-cert.gov/ncas/current-activity/2020/03/23/microsoft-rce-vulnerabilities-affecting-windows-windows-server