Targeted attacks exploiting vulnerabilities in Microsoft Windows
We are aware of attackers exploiting currently unpatched vulnerabilities in the Adobe Type Manager Library. Microsoft has released an advisory with workarounds to help reduce customer risk until the security patch is released. If exploited, these vulnerabilities allow an attacker Remote Code Execution on the affected computer
The current attacks are believed to be targeted, however all administrators should apply the relevant mitigations for their organisation.
All supported versions of the Microsoft Windows and Server operating systems, as well as Windows 7.
What this means
If a system is vulnerable, then an attacker may be able to use this to execute code by tricking a user into opening or previewing content such as office documents.
A security patch is not yet available, but Microsoft is working on a security patch to address it.
What to look for
How to tell if you're at risk
You’re at risk if you’re running an affected version, and haven’t applied the relevant workarounds for your version of Windows.
What to do
Microsoft has released a number of workarounds to help reduce customer risk until the security patch is released. CERT NZ recommends you apply the mitigations for your Windows version and apply the patch once it’s available.