Hackers are exploiting a critical bug in Windows 10's handling of fonts

Microsoft says a patch will likely arrive April 14, but it's offering a workaround in the meantime


Microsoft says it is aware of a vulnerability in Windows 10 that could allow hackers to remotely execute malware and other malicious software on a victim's computer. Microsoft says there's no patch for the vulnerability but that it's working on a fix, which should come on April 14. Its advisory warning states the company is aware of "limited targeted attacks" but doesn't specify how many attacks have been reported or their scale.

The vulnerability lies in the Adobe Type Manager Library, which controls how Windows renders fonts, and can be exploited by convincing a user to open a malicious document or even just preview it in the file manager. Bugs are an inevitable part of software, as are fixes for them. So, why the delay in issuing a fix for this problem? Microsoft only rolls out updates for Windows on the second Tuesday of every month, so this one will have to wait for April's update day.

Microsoft's advisory warning classifies this particular bug as "critical," its highest severity rating, and says it affects all versions of Windows 10 as well as Windows 7, though only enterprise users of the legacy OS will receive a patch. Non-enterprise users of Windows 7 should all have stopped using it in January when official support ended.

Don't open strange files — If you want to protect yourself, Microsoft offers the typical guidance to not download and open any files willy-nilly — check who they're from, what sort of file it is, and whether it's normal to be receiving a file from that sender. We expect you're already familiar with this very common, very sensible advice. If not, you should apply it not just to your Windows machine, but to instant messaging services, too, in case a crown prince tries to hack your phone with a WhatsApp message.

Since the bug can also be exploited through file previews, Microsoft's advisory warning also offers instructions on how to disable the Preview Pane, at least until a fix is released. It definitely won't hurt to do that. Just set a reminder on your calendar for April 15 to enable it again.

How to fix the problem — Windows 10 users (along with those using Windows Server 2016 or Server 2019) can disable the preview pane by doing the following:

  • Open Windows Explorer, click the View tab.
  • Clear both the Details pane and Preview pane menu options.
  • Click Options, and then click Change folder and search options.
  • Click the View tab.
  • Under Advanced settings, check the Always show icons, never thumbnails box.
  • Close all open instances of Windows Explorer for the change to take effect.
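
For administrators who want to check the thumbnail part of this workaround on a machine instead of clicking through Explorer, the following PowerShell is an added example, not code from Microsoft's advisory or from this article. It assumes that the "Always show icons, never thumbnails" box is stored as the `IconsOnly` value under each user's Explorer `Advanced` key and that the "Turn off Preview Pane" policy is stored as `NoReadingPane`; the function names are hypothetical, and the Details pane and Preview pane ribbon toggles themselves are not inspected.

```powershell
# Added example. Registry value names below are assumptions (see the lead-in).
$AdvancedKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$PolicyKey   = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns the value, or nothing when the key or the value is absent.
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name }
}

function Get-ExplorerPreviewState {
    # One row per loaded user hive; run elevated to see other logged-on users.
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $root = "Registry::HKEY_USERS\$($_.PSChildName)"
            [pscustomobject]@{
                Sid               = $_.PSChildName
                # True when "Always show icons, never thumbnails" is checked.
                ThumbnailsOff     = (Get-RegDword "$root\$AdvancedKey" 'IconsOnly') -eq 1
                # True when the preview pane is disabled by policy.
                PreviewPaneLocked = (Get-RegDword "$root\$PolicyKey" 'NoReadingPane') -eq 1
            }
        }
}

function Disable-ExplorerThumbnails {
    # Sets IconsOnly = 1 for one user hive; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Sid)
    $path = "Registry::HKEY_USERS\$Sid\$AdvancedKey"
    if ($PSCmdlet.ShouldProcess($path, 'Set IconsOnly = 1')) {
        New-ItemProperty -Path $path -Name 'IconsOnly' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

# Report the current state for every loaded profile.
Get-ExplorerPreviewState | Format-Table -AutoSize

# Dry run of the fix for profiles that still show thumbnails:
# Get-ExplorerPreviewState | Where-Object { -not $_.ThumbnailsOff } |
#     ForEach-Object { Disable-ExplorerThumbnails -Sid $_.Sid -WhatIf }
```

As with the manual steps, Explorer windows have to be closed and reopened before a changed setting takes effect.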