However, Microsoft is planning to release patches for those older systems only for participants that paid into its Extended Security Updates program. The next update Tuesday date will be April 14.Īll Windows systems are potentially subject to the flaw, including the unsupported Windows 7 and Windows Server 2008 operating systems, which lost support in January. The advisory suggested that patches, when available, would arrive on a normal "update Tuesday" patch release date, which happens on the second Tuesday of each month. Microsoft's advisory offered three "workarounds" to implement, but they all have limitations. The library "improperly handles a specially crafted multi-master font." This flaw can be exploited by "convincing a user to open a specially crafted document or viewing it in the Windows Preview pane." The vulnerability, associated with the Adobe Type Manager Library in Windows systems, has been exposed to "limited, targeted attacks," per the advisory. "We do not recommend that IT administrators running Windows 10 implement the workarounds described below," the advisory explained. It's still rated "Critical" for older systems, though. Update 3/25: Microsoft updated its security advisory on March 24 to indicate that the vulnerability is just rated "Important" for Windows 10, Windows Server 2016 and Windows Server 2019 systems. Microsoft on Monday issued Security Advisory ADV200006 for a "Critical"-rated remote code execution vulnerability in both supported and unsupported Windows systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |