Microsoft released a security advisory stating that they are aware of a Type 1 font parsing remote code execution (RCE) vulnerability affecting all versions of Windows, including Windows Server. The bugs exist when Adobe Type Manager Library improperly handles a specifically crafted multi-master font Adobe Type 1 PostScript format. Attackers could exploit this vulnerability by tricking a user into opening a specially crafted document or using the Windows Preview pane to view the document. As of now, there is no patch for this vulnerability, and it is not expected to be released until Microsoft’s next patch Tuesday on April 14, 2020. Microsoft is currently aware that there are limited targeted attacks that could leverage these vulnerabilities in Adobe Type Manager.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased