Microsoft has just announced hackers have exposed a flaw in Windows 10 and are exploiting it with a new hack. Making matters worse, there is still no patch to prevent hackers from getting to you.
According to Microsoft’s advisory, these are “targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library.”
This Windows hack exposes remote code execution vulnerabilities when the “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format”
The hack isn’t overly robust, as it only needs a user to open a document containing malware or view in the Windows preview pane. A hacker could easily accomplish this through a simple phishing email.
There may be a bit of a delay in releasing a patch to fix the issue, as Microsoft generally releases updates on the second Tuesday of each month. It can make out-of-band releases for major security issues, but this limited attack will likely be one that Microsoft will let ride until the next update Tuesday.
Until then, Microsoft has released a few workarounds to mitigate the vulnerability. You can find those at the bottom of the advisory page.
We’ll update you is Microsoft decides to release an off-band update before update Tuesday rolls around.
