In a security advisory posted on its website, Microsoft writes, “Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.”
They add, “Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
With most reported exploits, usually when discovered by white hat hackers or researchers like those from Google’s Project Zero, they give companies a heads up first before making their findings public, giving them a chance to fix the issue. Unfortunately in this case, it seems that the is still no patch yet for the exploits, meaning that if you’re a Windows 10 user, there is the possibility that your computer is vulnerable.
Microsoft does state that they are working on a fix, but when exactly this patch will be arriving is unclear.