by John Stevenson | News & Events

Microsoft is warning of critical zero-day flaws that it believes are being used by attackers in “limited, targeted” attacks. Customers of Deep Secure Threat Removal are automatically protected.

According to a security advisory issued on Monday, the attackers are taking advantage of remote code execution vulnerabilities in the way the Microsoft Windows Adobe Type Manager Library handles certain fonts. The problem arises because of an error in the way the Windows version of the Adobe Type Manager Library parses a specially crafted multi-master Adobe Type 1 PostScript format font. According to Adobe, Microsoft stopped using this particular type of font long ago. Versions of Microsoft Office applications, beginning with Office 2013, no longer support Type 1 fonts. They may appear in the list of available fonts, but they won't display or print properly.

There are myriad ways that the zero-day can be exploited by an attacker, including remote execution of active code when documents are opened or even previewed using File Explorer. Microsoft have yet to issue a patch.

Remediation

Customers of Deep Secure Threat Removal are automatically protected from this zero-day flaw.

In real time, Threat Removal automatically transforms files, extracting only the valid business information from them, verifying them, then discarding the original and creating a wholly new file, formatted to match the original. As a consequence, deprecated features, such as multi-master Adobe Type 1 PostScript format fonts in Office documents, are discarded and the user always receives a 100% malware-free document.
