Another day! Another 0-day!

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems.

The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.

Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.

The company described the current attacks exploiting the zero-day as “limited” and “targeted.”

All currently supported versions of the Windows and Windows Server operating systems are vulnerable; however, the zero-day is less effective in Windows 10, where the atmfd.dll file is either not present, or runs inside an AppContainer sandbox with limited privileges and capabilities.

Windows 7, which is currently end-of-support, is also impacted.

Security updates are currently not available. Microsoft intimated that they might arrive during next month’s Patch Tuesday.

Microsoft has published a series of mitigations that companies and home users can apply if they believe they might be targeted with a Windows zero-day attack.

Mitigations include:

1. Disabling the Preview Pane and Details Pane in Windows Explorer
2. Disabling the WebClient service
3. Renaming ATMFD.DLL
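
To check whether mitigations 2 and 3 are in place on a machine, a read-only audit along these lines can help. This is an added example, not taken from Microsoft's advisory or from the original post; the function name is hypothetical and the two library locations under the Windows directory are assumptions. The Preview Pane setting is per user and is not covered.

```powershell
# Added example: read-only audit of two of the listed mitigations.
# It reports state only and changes nothing on the system.
function Get-AtmfdMitigationStatus {
    [CmdletBinding()]
    param(
        # Assumed locations of the library (not stated on the page).
        [string[]]$LibraryPath = @(
            (Join-Path $env:windir 'System32\atmfd.dll'),
            (Join-Path $env:windir 'SysWOW64\atmfd.dll')
        )
    )

    # Mitigation 2: the WebClient service should be stopped and disabled.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $observed = 'NotInstalled'
        $applied  = $true
    } else {
        $observed = "$($svc.State)/$($svc.StartMode)"
        $applied  = ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled')
    }
    [pscustomobject]@{
        Mitigation = 'WebClient service disabled'
        Observed   = $observed
        Applied    = $applied
    }

    # Mitigation 3: ATMFD.DLL renamed. On Windows 10 the file may simply
    # not exist, in which case there is nothing to rename.
    foreach ($path in $LibraryPath) {
        $present  = Test-Path -LiteralPath $path -PathType Leaf
        $observed = if ($present) { 'Present' } else { 'Absent' }
        [pscustomobject]@{
            Mitigation = "ATMFD.DLL renamed ($path)"
            Observed   = $observed
            Applied    = -not $present
        }
    }
}

Get-AtmfdMitigationStatus | Format-Table -AutoSize
```

A row with Applied set to False marks a machine where the corresponding mitigation has not been carried out.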
