The problem is with the Adobe Type Manager Library, which is used to render fonts. To carry out an attack, an attacker just needs to create a special document with Adobe Type 1 PostScript fonts and force the victim to open it at least in preview mode.
Microsoft is already aware of attacks through this vulnerability, but the patch will be released no earlier than April 14 next Patch Tuesday. The bug is rated as critical, that is, it is assigned the highest degree of danger.
So far, Microsoft has been proposing several temporary measures to close the gap: disable preview in Explorer, disable the WebClient service, or rename the ATMFD.DLL library.