Microsoft today acknowledged the existence of a critical security vulnerability in multiple versions of Windows and Windows Server. In a new security advisory, ADV200006, Microsoft explains that there are actually two remote code execution vulnerabilities that can crop up when the Adobe Type Manager Library tries to handle an Adobe Type 1 PostScript font. This can happen when a specially-crafted document is opened or even just previewed in the Windows Explorer Preview pane.
Regarding which versions of Windows are affected by the vulnerability, it seems that most recent versions of Windows - from Windows 7 to Windows 10 version 1909, including versions for ARM-based devices - are affected. Likewise, most recent versions of Windows Server, from Windows Server 2008 to Windows Server 2019, as well as Windows Server versions 1803, 1903, and 1909, are all affected. However, Microsoft says that, for supported versions of Windows 10, an attack could only allow for code execution within an AppContainer context, which has limited capabilities and privileges.
As you'd expect, Microsoft is working on a fix, but it's not promising a specific date for the fix to be released. In the meantime, there are a handful of workarounds. For example, disabling the Details and Preview panes of Windows Explorer can prevent malicious files from being rendered before they're opened, which makes an attack harder to pull off. Disabling the WebClient service is also a possible workaround, and finally, renaming the ATMFD.DLL file may also help.
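For administrators who want to see where a machine stands on two of these workarounds, here is an added PowerShell example (not from Microsoft's advisory or from this article) that reports whether the WebClient service is disabled and whether a file named ATMFD.DLL is still present. The function name is hypothetical, and the System32 and SysWOW64 locations checked for the DLL are an assumption about where the file normally lives.

```powershell
# Added example: report the local state of two ADV200006 workarounds.
# The function name is hypothetical; the DLL locations are assumed defaults.
function Get-Adv200006WorkaroundStatus {
    [CmdletBinding()]
    param()

    # Workaround: WebClient service disabled.
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        # Service is not installed on this host, so there is nothing to disable.
        $webClient = 'NotInstalled'
    } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running') {
        $webClient = 'Disabled'
    } else {
        $webClient = "Active (StartMode=$($svc.StartMode), State=$($svc.State))"
    }

    # Workaround: ATMFD.DLL renamed.
    # If the file is still found under its original name, the rename
    # has not been applied (or has been reverted) in that directory.
    $candidates = @(
        (Join-Path $env:windir 'System32\atmfd.dll'),
        (Join-Path $env:windir 'SysWOW64\atmfd.dll')
    )
    $present = @($candidates |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WebClientService = $webClient
        AtmfdDllPresent  = ($present.Count -gt 0)
        AtmfdDllPaths    = ($present -join '; ')
    }
}

Get-Adv200006WorkaroundStatus | Format-List
```

The Details and Preview pane workaround is a per-user Explorer setting and is not checked here.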
New security updates are typically released on the second Tuesday of each month, which is known as Patch Tuesday. That means you probably shouldn't expect a fix until the second Tuesday of April at the earliest.