A zero-day Adobe Type Manager Library exploit is now wielded in limited, targeted attacks against Windows users, technically allowing for remote code execution. The good news is that Microsoft knows about the problem, but the bad news is that a patch is not yet available.
When Microsoft notifies people of vulnerabilities in Windows 10, it’s usually after a patch is deployed to fix the problems. The latest announcement from Microsoft regarding the zero-day Adobe Type Manager Library exploit is different because attackers are using it in the wild.
It’s not something that’s technically possible which should be fixed. The exploit is in use right now, which means the company is quickly notifying users about its possible use and about some mitigations that can be implemented until a patch is available.
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” says Microsoft in the advisory. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
While the tool is called the Adobe Type Manager Library, it’s not actually made by Adobe. It’s an implementation of a similar tool, made originally by Adobe, used to read PostScript Type 1 fonts. It turns out that it’s possible to embed information in malicious font files and use the Windows Preview pane to open it.
Microsoft is working on a fix and it should be available in the next Update Tuesday, which usually falls on the second Tuesday of the month. In the meantime, users can follow the instructions in the advisory regarding various workarounds. Some of these measures will have to be reversed after the patch is applied to regain full functionality of the operating system.