Microsoft on Monday said that attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows.
The company said that "limited targeted attacks" observed could leverage un-patched vulnerabilities in the Adobe Type Manager Library. The company provided a guidance to help reduce customer risk until the security update is released.
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.
Microsoft is working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. The operating system versions that are affected by this vulnerability include Windows 7, but only enterprise users with extended security support will receive patches.
In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available.