The flaws exist in the Windows Adobe Type Manager Library, which allows apps to manage and render fonts available from Adobe Systems. Attackers may exploit the vulnerabilities by getting their targets to open booby-trapped documents or view them in the Windows preview pane.

Microsoft is still working to fix the vulnerabilities. The earliest it will issue a patch is likely April 14th. Microsoft typically releases security updates on Update Tuesday, the second Tuesday of each month. In the meantime, there are a few workarounds, including disabling the preview pane and details pane in Windows Explorer. Microsoft has detailed the steps users should take here.