Microsoft discloses new Windows vulnerability that’s being actively exploited
Illustration by Alex Castro / The Verge
Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch). If a hacker successfully pulled off an attack, they could theoretically remotely run code or malware on the victim’s device.
The flaw involves the Adobe Type Manager Library, which helps Windows render fonts. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” according to Microsoft. The vulnerability has a severity level of “critical,” which is the company’s highest rating.