The company has warned all the users for limited target attacks.
The zero-day vulnerability couldn’t have come at a worse time as millions of users are staying at home or working remotely during the Covid-19 pandemic. The company warned that the zero-day vulnerability is out in the open and is using for “limited, targeted attacks.” There’s no patch for the bug, for now.
The company state that the bug exists in the Adobe file type manager responsible for managing and rendering some fonts. The loophole allows attackers to inject malicious codes remotely by making the victim open a document that looks like a legit one but has malware.
Limited target Attacks:-
State-backed cyberattacks. In such cases, hackers target very few devices; in some cases, less than a dozen. It’s worth noting that Microsoft hasn’t elaborated who conducted these limited attacks or users in which areas were affected.
The company statement-
“Two remote code execution vulnerabilities exist in Microsoft Windows. When the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.
To avoid Vulnerabilities in windows for target attacks:-
For instance, users are suggested to disable preview and Details panes in Windows Explorer. Users can also disable the WebClient service.
Several steps to mitigate the vulnerability:-
Users can disable preview and Detail panes in Windows Explorer, disable the WebClient service, or rename a DLL file found in versions before Windows 10 1709. As always, don’t download or open suspicious documents from untrusted sources.
Read More News Related To Cyber Security Click Here