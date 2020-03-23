%MINIFYHTML38302fd00ea95b287b492c9640eb9cfb11% %MINIFYHTML38302fd00ea95b287b492c9640eb9cfb12%

Microsoft today revealed a new remote code execution vulnerability that can be found in all supported versions of Windows and is currently being exploited in "limited targeted attacks,quot; (via TechCrunch) If a hacker successfully attacked, he could theoretically execute code or malware remotely on the victim's device.

The flaw involves the Adobe Type Manager library, which helps Windows render fonts. "There are several ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or view it in the Windows Preview pane," according to Microsoft. The vulnerability has a severity level of "critical,quot;, which is the highest rating of the company.

There is currently no patch to correct the vulnerability.

%MINIFYHTML38302fd00ea95b287b492c9640eb9cfb13% %MINIFYHTML38302fd00ea95b287b492c9640eb9cfb14%

There is currently no patch available to fix the flaw, although Microsoft's advisory notes that updates to address security vulnerabilities are generally released as part of Update Tuesday, generally scheduled for the second Tuesday of each month. That means, in theory, that the next update on Tuesday is scheduled for April 14.

%MINIFYHTML38302fd00ea95b287b492c9640eb9cfb15% %MINIFYHTML38302fd00ea95b287b492c9640eb9cfb16%

In a statement to The edge, Microsoft reiterated Its standard Tuesday update policy, but the company did not give a specific date for when a patch could be issued.

Microsoft provides instructions for some workarounds in its notice, such as disabling the Preview Pane and Details Pane in Windows Explorer.