For three zero-day vulnerabilities in different versions of Microsoft Windows, a patch was released this week to tighten security. Should the update not be downloaded and installed immediately, Windows users run the risk that hackers could take over their system.
Two of the three vulnerabilities identified were related to the Adobe Type Manager Library, a DLL file used by various applications to render Adobe fonts. This would make it possible to access a computer through a malicious file, even if it is only shown on the Windows preview screen.
Users of Windows 10 were slightly less at risk, as that OS has extra security measures to prevent such abuse. Still, in theory a hacker could install programs, throw them away or create a user account with full admin rights.
Especially Windows 7 affected
Microsoft already announced last month that the vulnerabilities were used in a small number of targeted attacks on systems running Windows 7, this Tuesday’s update should fix the vulnerabilities. For those who need more time, Microsoft recommends temporarily disabling the preview screen and the WebClient service.
The third vulnerability to be fixed with this week’s patch was also announced in March. This concerned the possibility of hacking on an already infected PC (where minimum admin rights were obtained) by running a special program to get increased rights.