Microsoft Alerts Users About Critical Font-related Remote Code Execution Vulnerability in Windows
March 24, 2020
Microsoft released a on a zero-day remote code execution (RCE) vulnerability affecting Windows operating systems. The vulnerability is found in an unpatched library.The vulnerability comprises two RCE flaws found in Adobe Type Manager Library (atmfd.dll), a built-in library for the Adobe Type Manager font management tool in Windows. The library is used to render fonts using the Adobe Type 1 PostScript format, the mishandling of which results in a vulnerability.
Threat actors can exploit the vulnerability in a variety of ways, such as luring users into opening a specially crafted document or viewing it in the Windows Preview pane. Upon exploiting the vulnerability, threat actors can run code and perform actions on the user’s system, unbeknown to the user.
Because it can be used for RCE, Microsoft rated the severity of this vulnerability as critical, although the company described the attacks that could exploit it as limited and targeted. All currently supported versions of Windows are affected.
Earlier this month, Microsoft found and patched an RCE flaw in its .
Vulnerability Workarounds
While there is no fix yet, Microsoft recommended mitigations and workarounds in its , including step-by-step instructions on how to apply them. The workarounds include the following:
- Disable the Preview Pane and Details Pane in Windows Explorer. This prevents the automatic display of OpenType fonts (OTFs) in Windows Explorer and the viewing of malicious files. However, it doesn’t stop local, authenticated users from running specially crafted programs that exploit the vulnerability.
- Disable the WebClient service. This blocks remote attacks coursed through the Web Distributed Authoring and Versioning (WebDAV) client service. After the application of this workaround, remote attackers can still run programs on a user’ computers or local area network (LAN). But this time, a confirmation will be requested from the user before launching arbitrary programs from the internet.
- Rename atmfd.dll through an administrative command prompt. This is not available for Windows 10 version 1709 and subsequent versions.
live casino online Solutions
live casino online users and customers are protected from the exploitation of this vulnerability with the following rule:- Deep Security?and?Vulnerability Protection?Rule?1010207 - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities
- TippingPoint?Filter?37431: HTTP: Microsoft Windows Type 1 PostScript Parsing Memory Corruption Vulnerability
Updated on March 24, 2020 09:00 PM EST to include live casino online solutions.
HIDE
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
Posted in Vulnerabilities & Exploits, Patching
Recent Posts
- Unveiling AI Agent Vulnerabilities Part II: Code Execution
- Unveiling AI Agent Vulnerabilities Part I: Introduction to AI Agent Vulnerabilities
- The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground
- From Registries to Private Networks: Threat Scenarios Putting Organizations in Jeopardy
- Trend 2025 Cyber Risk Report
Cellular IoT Vulnerabilities: Another Door to Cellular Networks
AI in the Crosshairs: Understanding and Detecting Attacks on AWS AI Services with Trend Vision One?
Trend 2025 Cyber Risk Report
CES 2025: A Comprehensive Look at AI Digital Assistants and Their Security Risks