November 30, 2022


Thinking Security ! Always

Another day ! Another 0 day !

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems.

The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.

Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.

The company described the current attacks exploiting the zero-day as “limited” and “targeted.”

All currently supported versions of the Windows and Windows Server operating systems are vulnerable; however, the zero-day is less effective in Windows 10, where the atmfd.dll file is either not present, or runs inside an AppContainer sandbox with limited privileges and capabilities.

Windows 7, which is currently end-of-support, is also impacted.

Security updates are currently not available. Microsoft intimated that they might arrive during next month’s Patch Tuesday.

To mitigate, Microsoft has published a series of mitigations that companies and home users can take if they believe they might be targeted with a Windows zero-day attack.

Mitigations include:

1.Disabling the Preview Pane and Details Pane in Windows Explorer
2.Disabling the WebClient service
3.Renaming ATMFD.DLL

%d bloggers like this: