Microsoft warns that a zero-day exploit exists in Windows, says fix is coming
Microsoft is warning users about a new exploit that exists in Windows. In an advisory posted on its MSRC website this week, the company warned that the exploit takes advantage of the software’s Adobe Type Manager Library that ships with the OS.
Microsoft warns that the limited, targeted attack occurs when the Library “improperly handles a specially crafted multi-master font – Adobe Type 1 PostScript format” adding that there are “multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
Microsoft says it is “aware of this vulnerability and working on a fix,” adding in the document that it is sharing the information to “help reduce customer risk until the security update is released.”
The company usually addresses security vulnerabilities “on Update Tuesday, the second Tuesday of each month.”
Impacted versions include Windows 7, 8, 8.1, RT and Windows 10 as well as Windows Server 2008, 2012, 2016 and 2019.
While the company says that Windows 10 is less likely to be impacted, particularly the most recent versions which have the vulnerable atmfd.dll code either not present or running in a sandbox with limited privileges, to help mitigate the issue until a patch is released the company details a workaround to disable the Preview pane in Windows Explorer.
In Windows 10 this can be done by:
- Open Windows Explorer, click the View tab.
- Clear both the Details pane and Preview pane menu options.
- Click Options, and then click Change folder and search options.
- Click the View tab.
- Under Advanced settings, check the Always show icons, never thumbnails box.
- Close all open instances of Windows Explorer for the change to take effect.
To re-do the workaround and re-enable Preview pane, follow the same steps but when in Advanced Settings “clear the Always show icons, never thumbnails box.”
Similar steps for other versions of Windows can be found here.