On March 23rd , Microsoft acknowledged two security vulnerabilities in the Adobe Type Manager Library which allow for remote code execution (RCE).
There are many ways that an attacker can exploit these vulnerabilities, but one method would be convincing a target to open a document that has been loaded with malicious code. Even viewing the document in a Windows Preview pane will execute the code contained inside it. All supported Windows and Windows Server operating systems are affected.
This includes Windows 7, 8.1, RT 8.1, 10, Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019.
Due to the increase in users working remotely, users may be targeted and tempted to open documents regarding the current world situation, or its prevention. These vulnerabilities do require user interaction. Now is a good time to remind your staff and clients about the dangers of opening documents from unknown sources.
At this point, Microsoft has not created a patch for the issue, but mitigation strategies are available through the following Microsoft advisory: