The security flaw - which the tech firm has given its highest severity rating of "critical" - emerges in the way that Windows handles and renders fonts.
"While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability", Microsoft cautions. Attackers could exploit the Adobe Type 1 PostScript format vulnerability by convincing a user to open a specially crafted document or view it in the Windows Preview pane, according to Microsoft.
Hopefully, the latter will bring a fix for the critical vulnerabilities that Microsoft recently discovered in all recent versions of Windows.
Based on previous form, a patch is most likely to arrive next month as part of Microsoft's regular Patch Tuesday update, but we can't be certain of this - especially in these most uncertain times.
The software giant typically releases its security fixes on the second Tuesday of each month, but occasionally issues out-of-band patches in severe cases.
"This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers", Microsoft added.
'Microsoft is aware of this vulnerability and working on a fix,' the security advisory continued.
The next patch Tuesday is scheduled to fall on April 14, 2020.
Until the patch is issued, you can avoid being targeted by not downloading files from unreliable sites/sources.
Microsoft recommended several mitigations Windows users can take, including disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service and renaming atmfd.dll.
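To check whether two of those mitigations are in place on a host, the following audit function is an added example, not code from Microsoft or from this article. It assumes PowerShell 3.0 or later and the default System32/SysWOW64 locations for atmfd.dll; the function name is hypothetical. The Preview Pane and Details Pane settings are per-user Explorer options and are not covered here.

```powershell
# Added audit example: reports on the WebClient and atmfd.dll mitigations.
# Read-only; it changes nothing on the system.
function Get-FontMitigationStatus {
    [CmdletBinding()]
    param(
        # Assumption: default directories that hold atmfd.dll on affected systems.
        [string[]]$LibraryDirs = @("$env:windir\System32", "$env:windir\SysWOW64")
    )

    # Mitigation: WebClient service disabled (and not currently running).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) {
        # Service is not installed at all (e.g. some server installs).
        $detail  = 'service not installed'
        $applied = $true
    } else {
        $detail  = "StartMode=$($svc.StartMode), State=$($svc.State)"
        $applied = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    }
    [pscustomobject]@{
        Mitigation = 'WebClient service disabled'
        Detail     = $detail
        Applied    = $applied
    }

    # Mitigation: atmfd.dll renamed. The file is also absent on Windows
    # builds that do not ship it, so "not found" is reported as-is.
    foreach ($dir in $LibraryDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }   # e.g. no SysWOW64 on 32-bit
        $dll     = Join-Path -Path $dir -ChildPath 'atmfd.dll'
        $present = Test-Path -LiteralPath $dll
        $detail  = 'atmfd.dll not found'
        if ($present) { $detail = 'atmfd.dll still present under its original name' }
        [pscustomobject]@{
            Mitigation = "atmfd.dll renamed ($dir)"
            Detail     = $detail
            Applied    = -not $present
        }
    }
}

Get-FontMitigationStatus | Format-Table -AutoSize
```

Any row with `Applied` set to `False` marks a mitigation that is still outstanding on that host.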
Windows versions 7, 8.1, RT 8.1 and 10 are vulnerable to the remote code execution flaws, along with Windows Server 2008 Service Pack 2 onwards.