Josey Wales said:

What about those that are not going to upgrade to 19H1?

and in addition...

How about people, who do want to update in April; MS just going to leave them hanging until April? That's not right, even, if the referenced article states:

The good news is that this vulnerability can lead to remote code execution, but is not remotely exploitable, as it requires user interaction first.

ZDNet reached out to a few malware researchers about this zero-day today, and they explained that the vulnerability can be weaponized in a way that can be used for mass malware distribution campaigns.

Ok, which is it then?
Oh yes, blaming the end user for the security vulnerability not fixed by the vendor is always a good option...

Hello,

Related to "Microsoft Windows VCF Remote Code Execution [ZDI-19-013 ZDI-CAN-6920]" see below a Workaround.

Everyone has understood this topic relayed from everywhere, but, the fact of setting up a temporary solution or a workaround would be interesting because the '0day' definition that means that too I think.

Related to this vulnerability, see below a possible workaroud:
- on your computer or virtual machine create an 'http' directory in the root of system volume 'c:\' and update the access control list of the 'http' folder 'everyone: none' (no access to everyone).
- on your computer or or virtual machine create an 'http' directory in the root of profile volume 'C:\Users\<username>\Contacts' and update the access control list of the 'http' folder 'everyone: none' (no access to everyone).

Done.

<< Everyone is right from his own standpoint but it is not impossible that everyone is wrong. >> [Mahatma Gandhi]
I agree, but from this basic concept, who is everyone?