Critical security flaw discovered in Windows 10

Microsoft has released an advisory detailing a new security flaw in Windows 10.

The flaw’s severity level is labelled as “critical” and comprises two remote code execution vulnerabilities related to the Windows Adobe Type Manager Library.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” Microsoft said.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

Microsoft said it was aware of this vulnerability and was working on a patch to address the security flaw.

“Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month,” Microsoft said.

“This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”

Affected systems

Operating systems affected by this security flaw include:

Windows 10
Windows 7
Windows 8.1
Windows RT 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016
Windows Server 2019

Microsoft did not announce when it would issue a security update for the security flaw announced on 23 March.

However, it did state that by disabling the Preview Pane and Details Pane in Windows Explorer, users will be able to prevent malicious files from being viewed and help to protect themselves from this attack.

This follows after Microsoft issued emergency updates for a remote code execution vulnerability in Windows 10 earlier this month which exposed affected systems to wormable attacks similar to the WannaCry exploit.

The company recommended that Windows 10 users install the security update as soon as possible, especially if your PC regularly uses network devices.