Microsoft warns of remote code execution zero-day in Windows
Microsoft is warning users of a vulnerability in Windows 10 that could allow an attacker to execute code remotely. The company says the zero-day is actively being abused. The vulnerability is in the Adobe Type Manager library.
The vulnerability is named ADV200006. Details about it are on Microsoft’s website. The vulnerability allows attackers to perform remote code execution on different versions of the operating system. The code can be run in the AppContainer sandbox with restricted permissions. Specifically, there are two vulnerabilities, both in the way the Adobe Type Manager library in Windows handles a specific multi-master font format, Adobe Type 1 PostScript. Attackers can exploit this by sending a victim a document with a macro that uses that script, or by having the document open in the Windows Preview pane.
Microsoft has indications that the vulnerability is being actively exploited. According to the company, this involves a small number of targeted attacks. The company does not say who the targets are. The vulnerability is in both Windows 10 and older versions, such as Windows 7 and 8.1. Windows Server 2008, 2012, 2016 and 2019 are also vulnerable. Microsoft says it is still working on a patch. It will most likely be released during the upcoming Patch Tuesday. In the meantime, the company recommends mitigations. Administrators can disable the Preview pane, or run fontdvrhost.exe in user mode.