Microsoft has warned the community about ongoing zero-day exploitation. The vulnerability is in Adobe’s Type Manager Library (atmfd.dll), which many programs use to render fonts. Microsoft says the attacks are currently limited and targeted, and suggests a few ways to guard against them until a patch arrives. Several versions of Windows 10 and Server OS are affected by this flaw.
The Flaw and Workarounds
Adobe Type Manager Library (atmfd.dll) is actively used by Microsoft and third-party apps for rendering PostScript Type 1 fonts. The vulnerability arises when this library (DLL) improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. Microsoft says attackers are exploiting it as a zero-day vulnerability to perform remote code execution (RCE) attacks.
This can't be put down to Adobe, as the DLL ships with Windows by default, so checking its integrity is Microsoft’s concern. The firm says the attacks are limited and targeted at vulnerable systems, which include most Windows 10, Windows 7 and Windows Server machines.
To exploit the flaw, an attacker sends a malicious file in the form of a specially crafted document, which needs to be opened or viewed in the preview pane. This allows the malicious code to execute and take over the PC, with the attacker gaining internal access and performing admin activities on behalf of the user. While this is already being exploited in the wild, Microsoft says it’s working on a patch that could be released in its next monthly Patch Tuesday update, scheduled for April 14th, 2020.
Until then, here’s what Microsoft suggested as workarounds:
- Disabling the WebClient service;
- Disabling the Preview Pane and Details Pane in Windows Explorer; or
- Renaming ATMFD.DLL.
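
A read-only way to check whether two of these workarounds are in place on a host, as an added PowerShell example that is not from Microsoft or the original article. The function name `Get-AtmfdWorkaroundStatus` is hypothetical, the `System32` and `SysWOW64` locations for atmfd.dll are assumptions, and the per-user Preview Pane setting is not checked.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Run from 64-bit PowerShell so System32 is not redirected to SysWOW64.
function Get-AtmfdWorkaroundStatus {   # hypothetical name
    [CmdletBinding()]
    param(
        [string]$WindowsDir = $env:windir
    )

    # Workaround: WebClient service disabled (and not currently running).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    $startMode = $null
    $state     = $null
    if ($null -eq $svc) {
        $webClient = 'NotInstalled'
    }
    else {
        $startMode = $svc.StartMode
        $state     = $svc.State
        if ($startMode -eq 'Disabled' -and $state -ne 'Running') {
            $webClient = 'Disabled'
        }
        else {
            $webClient = 'Enabled'
        }
    }

    # Workaround: ATMFD.DLL renamed, so no file with the original name
    # should remain in either assumed system directory.
    $found = @(
        foreach ($sub in 'System32', 'SysWOW64') {
            $path = Join-Path (Join-Path $WindowsDir $sub) 'atmfd.dll'
            if (Test-Path -LiteralPath $path -PathType Leaf) { $path }
        }
    )

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientStatus    = $webClient
        WebClientStartMode = $startMode
        WebClientState     = $state
        WebClientMitigated = ($webClient -ne 'Enabled')
        AtmfdPaths         = $found
        AtmfdMitigated     = ($found.Count -eq 0)
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```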