Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns.

The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released.

More about the new Windows zero-days

According to the security advisory published on Monday, the vulnerabilities arise from the affected library’s improper handling of a specially-crafted multi-master font – Adobe Type 1 PostScript format.