Microsoft warns Windows users of two security holes already under attack

There are a few workarounds users can take to minimize their risk.

Sponsored Links

ASSOCIATED PRESS
ASSOCIATED PRESS

Today, Microsoft warned billions of Windows users that hackers are actively exploiting two critical zero-day vulnerabilities that could allow bad actors to take complete control of targeted computers. According to a security advisory, the vulnerabilities are being used in "limited targeted attacks," and all supported Windows operating systems could be at risk.

The flaws exist in the Windows Adobe Type Manager Library, which allows apps to manage and render fonts available from Adobe Systems. Attackers may exploit the vulnerabilities by getting their targets to open booby-trapped documents or view them in the Windows preview pane.

Microsoft is still working to fix the vulnerabilities. The earliest it will issue a patch is likely April 14th. Microsoft typically releases security updates on Update Tuesday, the second Tuesday of each month. In the meantime, there are a few workarounds, including disabling the preview pane and details pane in Windows Explorer. Microsoft has detailed the steps users should take here.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Popular on Engadget