It is important to note that this vulnerability affects all versions of Windows, but no patch will be released for Windows 7 because support for that version ended on January 14, 2020. Microsoft’s security release contains mitigations and workarounds that can currently be implemented until a patch is released for supported versions. Until a patch is released, it is especially important to be on the lookout for phishing email messages with attached or linked document files that could exploit this vulnerability. It is also important to monitor workstations and servers for unusual activity that could signal attacker behaviors, including programs being launched as a result of documents viewed in the Windows Preview pane. When a patch is released for a newly found vulnerability it is important that it gets installed as soon as practical after testing, as it will help ensure that attackers cannot exploit the vulnerability moving forward. Many attackers prey on those who do not patch their systems and use old and outdated software. The report from Microsoft with workarounds and mitigations can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Additional reporting can be found at these news sources:
https://www.zdnet.com/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/
https://thehackernews.com/2020/03/windows-adobe-font-vulnerability.html