Table of Contents
Microsoft warned billions of Windows users of two critical 0-day vulnerabilities in all currently supported versions of Microsoft Windows, both server and desktop.
These vulnerabilities allow hackers to remotely take complete control over targeted computers in an AppContainer sandbox. The vulnerabilities are given a critical severity rating which is the highest Microsoft gives.
Both vulnerabilities are in the Windows Adobe Type Manager Library, a font parsing software that not only parses content when opened with a third-party software but is also used by Windows Explorer to display the content of a file in the ‘Details Pane’ or ‘Preview Pane’ without users having to open it.
The company is aware of the issues and working on patches that are typically released on the second Tuesday of the month. Although, Microsoft sometimes releases emergency patches outside of that schedule for critical flaws. We hope this could be one of those cases.
In the meantime here are some workarounds for you to mitigate the risk of getting hacked
Disable the Details Pane and Preview Pane in Windows Explorer
- Open Windows Explorer, click Organize and then click Layout.
- Clear both the Details pane and Preview pane menu options.
- Click Organize, and then click Folder and search options.
- Click the View tab.
- Under Advanced settings, check the Always show icons, never thumbnails box.
- Close all open instances of Windows Explorer for the change to take effect.
Disable WebClient to prevent attacks through WebDAV client service.
- Click Start, click Run (or press the Windows Key and R on the keyboard), type Services.msc and then click OK.
- Right-click WebClient service and select Properties.
- Change the Startup type to Disabled. If the service is running, click Stop.
- Click OK and exit the management application.
Rename or Disable ATMFD.DLL
Microsoft is also urging users to rename the Adobe Type Manager Font Driver (ATMFD.dll) file to temporarily disable the embedded font technology, which could cause certain 3rd-party apps to stop working.
Enter the following commands at an administrative command prompt:
For 32-bit system:
cd "%windir%system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
For 64-bit system:
cd "%windir%system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
We will share further updates with you when we learn more and when there is a valid patch available for complete remediation of this security issue.
Stay updated on our LinkedIn page and stay healthy!
Your Friends at Bright
