Microsoft / Érika García / CNET



Microsoft has warned users about a new vulnerability that exists in Windows. In a post on the MSRC website this week, the company warned that the vulnerability takes advantage of Adobe’s Type Manager Library software that goes with the operating system.

Microsoft warns that the limited and targeted attack occurs when the Library “improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format”, adding that there are “multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or view it in the Windows Preview pane. “

Microsoft says it is “aware of this vulnerability and is working on a fix,” adding in the document that it shares the information to “help reduce customer risk as the security update is released.”

The company generally addresses security vulnerabilities “on update Tuesday, the second Tuesday of every month.”

The affected versions include Windows 7, 8, 8.1, RT, and , in addition to Windows Server 2008, 2012, 2016, and 2019.

While the company says it is less likely be affected, particularly newer versions that have the vulnerable atmfd.dll code that is not present or that runs in a sandbox with limited privileges, helping to mitigate the problem until a patch is created. The company details a workaround for disabling the Preview pane in Windows Explorer.

In Windows 10, this can be done as follows:

Open Windows Explorer, click on the tab View (View). Clear menu options Details pane (Details pane), such as Preview pane (Previous panel). Click on Options (Options), and then on Change folder and search options (Change folder and look for options). Click on the tab View. Low Advanced settings (Advanced settings), points to the box Always show icons, never thumbnails (Always show icons never thumbnails). Close all open instances of Windows Explorer for the change to take effect.

To redo the workaround and re-enable the Preview panel, follow the same steps, but when you get to Advanced Settings, “clear the Always show icons, never thumbnails” box.

You can find similar steps for other versions of Windows here.