To be precise, the vulnerabilities have been narrowed down to two remote code executions (RCE) vulnerabilities that allows hackers to unpackage and run their code on a victim’s PC. And then proceed to execution actions online, without them realising it. Also, the vulnerability affects all versions of Windows and Windows Server OS. As per the software company’s update, there are multiple ways that a hacker could exploit the vulnerability. One action being the ability to convince users to “open a specially crafted document or viewing on the Windows Preview pane”.
At the time of writing, Microsoft still hasn’t released a patch for the vulnerability. However, the company is suggesting that one may be made available in the next security patch in April. Meanwhile, it will be publishing a series of mitigations for both companies and general consumers to take if they feel targeted. (Source: Microsoft via ZDNet)