Unpatched Windows Zero-Day flaws exploited, Microsoft says

Attackers are exploiting unpatched Windows zero day flaws, Microsoft said in a Monday security advisory. The company said “limited targeted attacks” could leverage two unpatched remote code executive (RCE) vulnerabilities in Windows “when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format.” Among the ways a hacker could exploit the flaws is convincing users to open “a specially crafted document or viewing it in the Windows Preview pane.” The company said it’s working on a fix but in the meantime users should use recommended mitigation and workarounds to reduce the risk, including disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service and renaming ATMFD.DLL.