According to Microsoft, attackers are exploiting a flaw in Windows that allows malicious code to enter a fully updated system. In addition, there is no patch yet, which means users are actively at risk.
On March 23, Microsoft issued a security advisory to users stating that it is "aware of a limited targeted attack" that takes advantage of two remote code execution vulnerabilities. The security flaws stem from the Adobe Type Manager Library, which provides Adobe Systems fonts to Windows applications.
The attack could occur if hackers trick victims into opening malicious documents or displaying them in Windows Preview. Maintenance of the Adobe Type Manager Library in Windows is the responsibility of Microsoft, not Adobe.
Microsoft did not share the details of the attack that prompted this critical-level advisory, but "limited targeted attacks" usually mean that state-sponsored intelligence agencies are exploiting the flaw to compromise specific computer systems.
Microsoft says there is no fix for the vulnerability at this time. According to TechCrunch, a Microsoft spokesperson has indicated that a patch will be available next Patch Tuesday (April 14). Windows 7 systems are only eligible for the April patch if operators pay Microsoft an additional fee to continue support past the end date of regular Windows 7 support, which ended in January 2020.
Until the patch is available, all Windows users should be alert to suspicious requests or prompts on their devices. Do not respond to requests to view untrusted documents.
For immediate workarounds, Microsoft recommends disabling the preview and detail panes of Windows Explorer, disabling the WebClient service, disabling the Adobe Type Manager Library DLL (ATMFD.DLL), and renaming the Adobe Type Manager Library DLL (ATMFD
According to Microsoft's advisory, this problem is partially, but not completely, mitigated in all versions of Windows 10 because font drivers are run in isolation from the rest of the operating system.
In Windows 10 build 1709 (2017 Fall Creators Update) and later, ATMFD.DLL is no longer present, but the attack can still execute code "within the AppContainer sandbox context with limited privileges and capabilities".
For more information and potential risks of implementing these workarounds, see