+- Red Security (https://redsecurity.info/cc)
+-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1)
+--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4)
+--- Thread: News Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi (/showthread.php?tid=1451)
Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploi - Mr.Kurd - 03-26-2020
In The Name OF Allah
Al-Salam Alekum
![[Image: Microsoft-fixed-800x445.jpg]](https://latesthackingnews.com/wp-content/uploads/2019/01/Microsoft-fixed-800x445.jpg)
Why I feel that Microsoft doing this attack itself????? to get rid of Win7 users at least.
Quote:Reportedly, Microsoft has issued an alert for all users regarding a vulnerability that ships with the Windows operating system. The bug exists in Adobe Type Manager Library (atmfd.dll) which facilitates rendering PostScript Type 1 fonts inside the OS.
What’s troublesome is that before catching the attention of the vendors for a fix, it attracted hackers. Hence, this vulnerability is now under active exploitation. Microsoft have noted the exploitation of this zero-day vulnerability against Windows 7.
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.
The Source
Wa Salam Alekum