Windows: ‘Two vulnerabilities in all versions, no patch ready yet’

Get a free Techzine subscription!

Two vulnerabilities in Windows have been identified by Microsoft itself, while the tech giant is working on a patch to fix the problems.

In this week’s security update, Microsoft addressed the existence of vulnerabilities related to the ability to execute code in the Windows Adobe Type Manager Library. This section is used by Windows to render the PostScript Type 1 fonts. A hacker could take advantage of the vulnerability by presenting a specially created document to a user who then actually opens it, or if a user views the document in the preview screen.

According to Microsoft, the vulnerability can be found in all versions of the systems (all Windows 10 versions, but also Windows 7 and Windows Server 2008) and a patch that resolves the vulnerabilities is still in the making. However, the company does announce that updates that fix such security vulnerabilities will be released on Update Tuesday; that would be April 14.

Although there is no patch ready for the vulnerabilities, according to Microsoft there are a number of ways to avoid the problem. Disabling the preview window (in Windows, not in Outlook, Microsoft emphasises that the latter does not play a role in the vulnerability) is one, disabling the WebClient service and renaming atmfd.dll are two others.