Hackers are exploiting a zero-day vulnerability in the Windows 7 OS to take over systems, Microsoft said in a security alert today.
The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside multiple versions of the Windows OS.
Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.
The company described the current attacks exploiting the zero-day as “limited” and “targeted.” The attacks were primarily aimed at Windows 7 systems; however, other Windows versions are also impacted.