1 min read

Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming

Silviu STAHIE

March 24, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Microsoft Finds Adobe Type Manager Library Exploit Used in the Wild; Patch Incoming

A zero-day Adobe Type Manager Library exploit is now wielded in limited, targeted attacks against Windows users, technically allowing for remote code execution. The good news is that Microsoft knows about the problem, but the bad news is that a patch is not yet available.

When Microsoft notifies people of vulnerabilities in Windows 10, it”s usually after a patch is deployed to fix the problems. The latest announcement from Microsoft regarding the zero-day Adobe Type Manager Library exploit is different because attackers are using it in the wild.

It”s not something that”s technically possible which should be fixed. The exploit is in use right now, which means the company is quickly notifying users about its possible use and about some mitigations that can be implemented until a patch is available.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” says Microsoft in the advisory. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

While the tool is called the Adobe Type Manager Library, it”s not actually made by Adobe. It”s an implementation of a similar tool, made originally by Adobe, used to read PostScript Type 1 fonts. It turns out that it”s possible to embed information in malicious font files and use the Windows Preview pane to open it.

Microsoft is working on a fix and it should be available in the next Update Tuesday, which usually falls on the second Tuesday of the month. In the meantime, users can follow the instructions in the advisory regarding various workarounds. Some of these measures will have to be reversed after the patch is applied to regain full functionality of the operating system.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read