New remote code execution Windows zero days actively exploited

Adobe Opentype

Microsoft is warning users that new, critical remote code execution bugs affecting all current versions of Windows is being actively exploited.

The vulnerabilities lies in the Windows Adobe Type Manager Library, and can be exploited with malicious Adobe Type 1 Postscript format multiple master fonts, now superseded by OpenType fonts.

Attackers can exploit the vulnerabilities in several ways, by embedding the Type 1 fonts into documents and convincing users to open them or look at them in the Windows Explorer preview pane, Microsoft said.

Windows version 7, 8.1, RT 8.1, 10 are vulnerable to the remote code execution flaws, along with Windows Server 2008 service pack 2 onwards.