Microsoft announced that Windows 10 and other supported versions of Windows has a security flaw that can get a user infected with malware by just downloading a file. The attackers can use flaws in Adobe Type Manager Library and trick the victim into opening a document infected with malware. After opening the file, attackers can remotely install ransomware on the affected device.
In the security update guide, Microsoft mentioned that the threat is low for those systems running Windows 10.
“The threat is low for those systems running Windows 10 due to mitigations that were put in place with the first version released in 2015.”
Microsoft also recommends upgrading older versions of Windows to Windows 10. There is a workaround for the time being, listed on their website here. Microsoft will patch the bug in an update that’s expected on April 14. But for Windows 7 users, you might want to leave it like that because you will not be getting updates unless you’re an enterprise user.
This security flaw has been rated as “critical” and is linked with how fonts are rendered. Microsoft released an advisory, saying that they’re aware of the “limited targeted attacks” and they’re working on a fix. For now, users can follow Microsoft’s workaround and wait for the patch.