Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said in a security alert today.
The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.
Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.
All currently supported versions of the Windows and Windows Server operating systems are vulnerable, according to Redmond’s security advisory.