The safety of billions of Windows OS users could be at risk. Microsoft recently issued a security advisory warning users of all supported versions of the Windows operating system about a critical security threat posed by two new, unpatched zero-day vulnerabilities.
Vulnerabilities in Adobe Type Manager Library
Both vulnerabilities exist within the way that Windows parses OpenType fonts using the Adobe Type Manager Library. Microsoft has already acknowledged the security threat they pose to Windows users. Microsoft is currently working on a fix.
In its security advisory, Microsoft wrote:
“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.”
According to Microsoft, both vulnerabilities in the Adobe Type Manager Library are critical and can be exploited in limited, targeted attacks.
These vulnerabilities affect users of all supported versions of the Windows operating system. For example, Windows 10, Windows 8.1 / RT 8.1, Windows Server 2008 / 2012 / 2012 RT / 2016 / 2019 remain vulnerable. They also affect users of Windows 7.
Microsoft officially ended support for the Windows 7 operating system last month. However, most antivirus software solutions will continue to support Windows 7 for at least two years.
Microsoft warns that there are multiple ways attackers could exploit the vulnerability to remotely gain control over targeted computers. Attackers could employ techniques such as convincing users to open a specially crafted document or to view it in the Windows Preview pane.
Meanwhile, Microsoft has provided Windows users with a workaround to reduce the risk. Microsoft recommends that users disable the Preview pane and Details pane in Windows Explorer:
- Open Windows Explorer > Click Organize > Click Layout.
- Clear the Details pane and Preview pane menu options.
- Navigate to Organize > Folder and search options.
- Under Advanced settings, check the Always show icons, never thumbnails box.
- Close Windows Explorer for the change to take effect.
Microsoft has also advised users to disable the WebClient service and rename the Adobe Type Manager Font Driver DLL file (ATMFD.dll).
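To confirm on a given machine that the workarounds above are in place, a read-only check can report their state. The script below is an added example, not taken from Microsoft's advisory; the function name is hypothetical, and it assumes ATMFD.dll sits in %windir%\System32 and that the "Always show icons, never thumbnails" box is stored as the per-user registry value IconsOnly.

```powershell
# Added example: read-only audit of the workarounds named in the article.
# It changes nothing on the system. Assumptions (not from the article):
#   - ATMFD.dll is located in %windir%\System32
#   - "Always show icons, never thumbnails" is the per-user value IconsOnly
function Test-AtmfdWorkaround {
    [CmdletBinding()]
    param()

    # 1. WebClient service: the workaround is to disable it.
    #    A host where the service is not installed counts as mitigated.
    $svc = Get-CimInstance -ClassName Win32_Service `
                           -Filter "Name='WebClient'" `
                           -ErrorAction SilentlyContinue
    $webClientOk = (-not $svc) -or
                   ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')

    # 2. Font driver DLL: the workaround is to rename ATMFD.dll, so the
    #    original file name should no longer exist at this path.
    #    Run from 64-bit PowerShell; a 32-bit host is redirected to SysWOW64.
    $dllPath    = Join-Path $env:windir 'System32\atmfd.dll'
    $dllPresent = Test-Path -LiteralPath $dllPath

    # 3. Thumbnails: IconsOnly = 1 means Explorer shows icons only.
    #    This is an HKCU value, so it covers the current user only.
    $advKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $adv       = Get-ItemProperty -Path $advKey -Name IconsOnly -ErrorAction SilentlyContinue
    $iconsOnly = [bool]($adv -and $adv.IconsOnly -eq 1)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientStartMode = if ($svc) { $svc.StartMode } else { 'NotInstalled' }
        WebClientState     = if ($svc) { $svc.State }     else { 'NotInstalled' }
        WebClientMitigated = $webClientOk
        AtmfdDllPresent    = $dllPresent
        ThumbnailsDisabled = $iconsOnly
        AllChecksPass      = $webClientOk -and (-not $dllPresent) -and $iconsOnly
    }
}

Test-AtmfdWorkaround | Format-List
```

The script does not inspect the Preview pane and Details pane settings, so those still need to be confirmed in Windows Explorer as described in the steps above.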