Microsoft is warning of critical zero-day flaws in its Windows operating system that could permit remote code execution. The unpatched flaws are being exploited by attackers in "limited, targeted" attacks, the tech giant said.
According to Microsoft, remote code execution vulnerabilities exist in the way that Windows' Adobe Type Manager Library handles specific fonts. Adobe Type Manager is a font management tool built into both Mac OS and Windows operating systems and produced by Adobe. While no patches are available for the flaws, workaround mitigations can protect users.
Microsoft 'Aware' of Attacks in Adobe Type Manager Library
In a statement on Monday, Mar. 23, Microsoft said it is aware of limited, targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library. The tech giant added that it is providing guidance to help reduce customer risk until the security update is released.
Specifically, the flaw exists because the Windows version of Adobe Type Manager Library improperly handles a specially crafted multi-master font known as the Adobe Type 1 PostScript format.
Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing guidance to help reduce customer risk until the security update is released. See the link for more details. https://t.co/tUNjkHNZ0N — Security Response (@msftsecresponse) March 23, 2020
There are multiple ways an attacker could exploit the vulnerabilities, Microsoft stated. For example, an attacker could convince a user to open a specially crafted document or view it in the Windows Preview pane. The Windows Preview pane is used by the Windows Explorer file manager to preview pictures, videos, and other content.
All currently supported versions of Windows are affected, including Windows 10 and earlier versions. Windows 7 is also affected, though it has reached end of support, Microsoft stated.
While no patches are available yet, Microsoft recommended a number of mitigations and workarounds. These include disabling the Preview pane and Details pane in Windows. Disabling them means that Windows Explorer (or File Explorer in Windows 10) will no longer automatically display OpenType fonts.
Microsoft said disabling the Preview and Details panes in Windows Explorer prevents the automatic display of OTF fonts in Windows Explorer.
Other workarounds include disabling the WebClient service. Microsoft said that disabling this service blocks the Web Distributed Authoring and Versioning (WebDAV) client service, which is a "likely remote attack vector." WebDAV is an HTTP extension that allows clients to carry out remote Web content authoring operations.
Microsoft said that after applying this workaround, it is still possible for remote attackers to successfully exploit this vulnerability through a user's computer or the Local Area Network (LAN).
However, the tech giant said users may be prompted for confirmation before opening arbitrary programs from the Internet.
Another workaround is renaming ATMFD.DLL (the file name of the Adobe Type Manager Font Driver), said Microsoft. The company also noted that for systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.
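A read-only PowerShell check for two of the workarounds described above (WebClient service disabled, ATMFD.DLL renamed), added here as an example and not taken from Microsoft's guidance. The function name and the System32/SysWOW64 search locations are assumptions.

```powershell
# Added example: read-only audit of two workarounds named in the article.
# It changes nothing on the system; it only reports current state.
# Assumption: ATMFD.DLL is looked for under %windir%\System32 and
# %windir%\SysWOW64. Run from a 64-bit PowerShell session so that
# System32 is not transparently redirected to SysWOW64.
function Get-AtmfdWorkaroundStatus {
    [CmdletBinding()]
    param()

    # WebClient service: the workaround is in place when the service
    # is disabled and not currently running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        [pscustomobject]@{
            Check     = 'WebClient service'
            State     = 'NotInstalled'
            Mitigated = $true
        }
    } else {
        [pscustomobject]@{
            Check     = 'WebClient service'
            State     = "$($svc.StartMode)/$($svc.State)"
            Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        }
    }

    # ATMFD.DLL: the workaround is in place when no file with the
    # original name remains (renamed, or not shipped on this build).
    foreach ($dir in 'System32', 'SysWOW64') {
        $path    = Join-Path -Path $env:windir -ChildPath "$dir\atmfd.dll"
        $present = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Check     = "ATMFD.DLL in $dir"
            State     = if ($present) { 'Present' } else { 'Absent' }
            Mitigated = -not $present
        }
    }
}

Get-AtmfdWorkaroundStatus | Format-Table -AutoSize
```

The Preview and Details pane settings are per-user Explorer options and are not covered by this check.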
Microsoft said it is currently working on an update and that a patch would possibly come during its regularly scheduled Patch Tuesday updates.
"Updates that address security vulnerabilities in Microsoft software program are usually launched on Update Tuesday, the second Tuesday of every month," Microsoft said. "This anticipated schedule allows for partner quality warranty and IT planning, which helps preserve the Windows surroundings as a reliable, secure preference for our customers."