720-891-1663
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
According to Microsoft says the two bugs are being used in limited attacks in the wild, AFFECT all supported versions of the Windows —including Windows 10, 8.1, 7 and Server 2008, 2012, 2016, and 2019 editions.
Both vulnerabilities reside in the Windows Adobe Type Manager Library.
Microsoft has no patch yet but says that they will have one for next month’s patch Tuesday. In the meantime, there are mitigations. For Windows 10 workstations, the attack is somewhat limited because it runs inside the sandbox.
For details and mitigation information, see the CERT alert and Microsoft’s announcement.