Microsoft warns of Windows zero-day exploited in the wild

Hackers are exploiting a zero-day vulnerability in the Windows 7 OS to take over systems, Microsoft said in a security alert today.

The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside multiple versions of the Windows OS.

Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.

The company described the current attacks exploiting the zero-day as “limited” and “targeted.” The attacks were primarily aimed at Windows 7 systems; however, other Windows versions are also impacted.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.