CERT.EU has released a security advisory for two remote-code-execution vulnerabilities affecting all versions of Windows (CVE-2020-0796 and a new one). The two vulnerabilities are linked to the Adobe Type Manager Library. An attacker could exploit these vulnerabilities by convincing a user to open or preview a specially crafted PDF document.
Microsoft has not yet released a patch for the latest vulnerability. It is recommended to apply the following workarounds until the patch is available: - disable the preview pane and details pane in Windows Explorer - disable the webclient service - rename ATMFD.DLL
All relevant details on: https://media.cert.europa.eu/static/SecurityAdvisories/2020/CERT-EU-SA2020-017.pdf
Non-technical users should be extremely careful with opening PDF documents and using Adobe for editing sensitive documents. As soon as the patch will be released, users shall update Windows as once.
Attention has to be paid to the fact that the attack also affects Windows 7, which since January 2020 is not supported anymore and no security updates will be available for these systems! - https://www.microsoft.com/en-us/windows/windows-7-end-of-life-support-information
Get more info about CVE-2020-0796: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005