Windows code-execution zeroday is under active exploit, Microsoft warns

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2020/03/attackers-exploit-windows-zeroday-that-can-execute-malicious-code/

By Dan Goodin
Ars Technica
03/23/2020

Attackers are actively exploiting a Windows zero-day vulnerability that 
can execute malicious code on fully updated systems, Microsoft warned on 
Monday.

The font-parsing remote code-execution vulnerability is being used in 
“limited targeted attacks,” the software maker said in an advisory 
published on Monday morning. The security flaw exists in the Adobe Type 
Manager Library, a Windows DLL file that a wide variety of apps use to 
manage and render fonts available from Adobe Systems. The vulnerability 
consists of two code-execution flaws that can be triggered by the improper 
handling of maliciously crafted master fonts in the Adobe Type 1 
Postscript format. Attackers can exploit them by convincing a target to 
open a booby-trapped document or viewing it in the Windows preview pane.

“Microsoft is aware of limited, targeted attacks that attempt to leverage 
this vulnerability,” Monday’s advisory warned. Elsewhere the advisory 
said: “For systems running supported versions of Windows 10 a successful 
attack could only result in code execution within an AppContainer sandbox 
context with limited privileges and capabilities.”

Microsoft didn’t say if the exploits are successfully executing malicious 
payloads or simply attempting it. Frequently, security defenses built into 
Windows prevent exploits from working as hackers intended. The advisory 
also made no reference to the volume or geographic locations of exploits. 
A fix is not yet available, and Monday’s advisory provided no indication 
when one would ship.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_