Yesterday, Microsoft security advisory team addressed two new critical security vulnerabilites present in their Windows operating systems affecting Windows 7/8.1/10 and Windows Server versions 2008/2008 R2/2012/2012 R2/2016/2019 that could allow hackers to perform remote code execution (RCE) attacks on Windows users.
“Yes, Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability”.
As reported in Microsoft advisory (ADV200006), these “two RCE vulnerabilities are present Microsoft Windows when the Windows Adobe Type Manager Library as it improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.
The vulnerability can be exploited by tricking a victim into opening a specially-crafted malicious document or view it in the Windows Preview pane.
By opening this document, an attacker can take full control of the victim’s device by remotely running malware or executing malicious code.
Microsoft is still working on the fixes leaving billions of devices running on Windows un-patched.
In case of Windows 7 users, only enterprise users with extended security support will recieve the patches.
In the meantime, the security advisory has provided a temporary workaround until patches are released for these vulnerabilities.
- Disable the Preview Pane and Details Pane in Windows Explorer (WE)
- Disable the WebClient service
- Rename ATMFD.DLL
- Disable ATMFD.DLL using the registry editor for Windows 8.1 and below versions.
Microsoft told Techcrunch that the security patches will be provided to users in an update by April 14.
Source: Microsoft Security Advisory