Even though attackers can still exploit the vulnerability to run programs located on targeted computers or local area networks, users will be prompted for confirmation before arbitrary programs from the internet are opened, Microsoft said.
The vulnerability stems from the Adobe Type Manager Library, a Windows 10 DLL file used to manage fonts across various apps.
It is unclear how many systems have been targeted by the attack - however, Microsoft have said a patch will likely be available on April 14.
"Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability", Monday's admitted in an advisory.
"Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month", the advisory reads.
Coronavirus: Trump announces two drugs will be available 'almost immediately'
THE FACTS: The drug, known chemically as chloroquine , has been available for decades to treat the mosquito-borne illness malaria. So what are chloroquine and hydroxychloroquine, and how could they help fight the new coronavirus?
'This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers'.
To exploit the two security issues, attackers can either trick potential victims into opening maliciously crafted documents or to view them via the Windows Preview pane - the Outlook Preview Pane is NOT an attack vector. The company is now working on a patch to solve the issue.
The security flaw - which the tech firm has given a rating of "critical" - emerges in the way that Windows handles and renders fonts.
Microsoft has just announced the release of new optional patches for the latest versions of Windows 10. The company also clarifies that Windows 7 machines will only be patched for those with an extended security update license.
Until then, Microsoft suggests a few workarounds: disable the preview and details pane in Windows Explorer, disable the WebClient service, and rename ATMFD.DLL or disable the file from the registry.