In an article shared on March 23 on his blog, Microsoft admits to having noted the existence of a 0-day flaw, that is to say a vulnerability which has never been mentioned in the past and which does not have of fix. This is present in all supported versions of Windows, including Windows 10.
A vulnerability judged ” critical By Microsoft
The flaw in question focuses more specifically on the Adobe Type Manager library, a device that helps Windows to render fonts. On his blog, Microsoft writes on this subject: “ There are multiple ways for a hacker to exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview panel. “
According to the firm, a hacker who successfully attacks by exploiting this flaw may be able to execute code or malware on the victim’s computer. Microsoft has classified this vulnerability as ” critical Which represents the highest level of such problems.
However, the most problematic is that no patch has been deployed by Microsoft yet. According to the American company, hackers would exploit this flaw in the context of attacks ” limited and targeted But she does not give more details or figures on this subject.
Microsoft said it is currently working on a patch, but does not specify when it will be available to users. The company has a habit of rolling out its updates on the second Tuesday of each month, which would postpone the patch to April 14. Given the magnitude of the flaw, it is possible that it will release the fix before, which it has already done for other situations of this type in the past.
In its post, Microsoft gives some advice to users, evoking for example the deactivation of panels Overview and Details.