Zero-day vulnerabilities in Adobe Type Manager Library affects multiple Windows OSs
#1
Exclamation 
Quote:
[Image: windows-adobe-type-manager-vulnerability-featured.jpg]

Microsoft has posted a security advisory about vulnerabilities in Adobe Type Manager Library, which are already being exploited by cybercriminals.

Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks.

What is Adobe Type Manager Library and how is it vulnerable

There were times when, to see proprietary Adobe fonts in Windows, you had to install additional software — Adobe Type Manager. This was not very convenient for the end users, so Adobe eventually opened the specifications for its formats and Microsoft built the font support into its operating systems. This is what Windows Adobe Type Manager Library is used for.

According to Microsoft, the problem is in how the library handles fonts of one particular format — Adobe Type 1 PostScript fonts. An attacker can craft a Type 1 PostScript font in such a way, that they gain the ability to execute arbitrary code on a Windows machine. There are several attack vectors to exploit the vulnerability — attackers can somehow convince the victim to open a malicious document or simply to view it through the “Preview Pane” (this refers to the system pane, and not to a similar function in the Microsoft Outlook mail client).

Attackers also can exploit this vulnerability through an extension to the HTTP called Web Distributed Authoring and Versioning (WebDAV), which allows users to collaborate on a document.

Microsoft suggests disabling the WebClient service, which allows you to use this feature, and stresses that this is the most likely remote attack vector.

Which systems are vulnerable

The vulnerability is present in 40 different versions of the operating systems Windows 10, Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2016 and Windows Server 2019. Microsoft security advisory ADV200006 contains a full list of vulnerable systems.

However, the company explains that in supported versions of Windows 10 a successful attack will only allow malicious code to be executed in the context of the AppContainer sandbox with limited privileges and capabilities.

Is there a patch?

As of the time of publishing this post, the vulnerability in Adobe Type Manager Library was not patched by Microsoft. However, Microsoft plans to release a patch on the next Patch Tuesday, which is April 14th. As soon as this happens, we will update the post.

What to do

From our side, we suggest using a reliable security solution to protect e-mail (since this is the most common method of delivering malicious documents) and also have a protective endpoint solution that can stop malicious activity including exploits. Both tasks can be handled by Kaspersky Endpoint Security for Business advanced. It goes without saying that it’s better not to open documents and e-mail attachments if you are not sure where they came from.

As there are no patches yet, so Microsoft suggests using the following workarounds.

* Turn off the preview and detail panes.
* Turn off Webclient service (which will disable WebDAV).
* Disable ATMFD.DLL library

You can find detailed instructions on how to do all three of these in Microsoft’s security guidance. It’s worth noting that disabling the Webclient service will result in WebDAV requests not being handled and applications relying on WebDAV will not be working correctly. The same is true for disabling ATMFD.DLL — applications that use it will not be working correctly in this case.
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>