Microsoft has revealed that there is a remote code execution vulnerability that applies to all supported versions of Windows.  The vulnerability is being exploited in “limited targeted attacks” where if successful, a hacker can run remote code or malware on the affected device.

The flaw is a part of the Adobe Type Manager Library, which helps Windows render fonts. Microsoft notes that “there are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

There is currently not a patch for the vulnerability. Security vulnerabilities are usually released on the second Tuesday of every month, which means if a patch is ready in time, it could be released on April 14th, 2020.

Although there is currently not a patch for the security flaw, Microsoft has offered a few temporary workarounds - users can disable the Preview Pane and Details Pane in Windows Explorer.

Story via The Verge

[UPDATE – 4/16/2020]  - A patch for the vulnerability mentioned above has been released. The patch fixes the Adobe Type Manager Library vulnerability, as well as 133 other security issues. If you have automatic updates enabled, chances are the patch has already been installed for you. However if you don’t, follow these instructions to install the patch:

• Open Windows Start Menu

• Click Settings

• Go to Update and Security > “Windows Update” to check for the patch.

• Click “Download” to install the patch

• Once the download is complete, restart your PC when prompted