Hackers Are Exploiting Previously Undisclosed Windows Vulnerability


Microsoft - the maker of the OS - has warned that the platform carries a critical vulnerability, which is being actively exploited by hackers sending malicious files.

All supported versions of Windows - including Windows 10 and Windows Server 2008 up until Windows Server 2019 - are affected. Attackers could exploit the Adobe Type 1 PostScript format vulnerability by convincing a user to open a specially crafted document or view it in the Windows Preview pane, according to Microsoft. The remote code execution flaw stems from the way Windows handles and renders fonts using the Adobe Type Manager Library.

However, Microsoft mentioned in the advisory that it has witnessed only "limited, targeted" attacks until now, and it hasn't disclosed the hacker(s) behind the attacks. "Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month".

As we're getting closer to April, we're also looking forward to seeing if Microsoft will start rolling out Windows 10 version 2004 next month.


On Monday, Microsoft said it's "aware of limited targeted attacks" abusing the two flaws - both of which remain unpatched. The workarounds are pretty straightforward, ranging from disabling the Windows preview pane or disabling the WebClient service to renaming atmfd.dll so it isn't used by the system.

Users of Windows 7, Windows Server 2008, or Windows Server 2008 R2 are required to have an ESU license to receive future security updates fixing these issues. The operating system versions that are affected by this vulnerability are listed below. For example, disabling the preview pane in Windows Explorer will prevent a malicious file from being viewed, but it doesn't stop local attacks, and OpenType fonts won't be automatically displayed. "This means that they have issued a security advisory, but they will have to hustle to get the patch ready as soon as possible".

Disabling the WebClient service will block any remote attempts to exploit a system, but attackers who are already inside the PC can run apps on the computer or LAN.
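To check whether two of these workarounds are in place on a given machine, an administrator can run a read-only audit like the following. This is an added example, not code from Microsoft or from the original article; the function name is hypothetical, and the location of atmfd.dll (System32, plus SysWOW64 on 64-bit Windows) is an assumption, as the article does not give a path.

```powershell
# Added example: read-only audit of two workarounds named in the article.
# It changes nothing on the host. Run it from a 64-bit PowerShell session on
# 64-bit Windows so that the System32 path is not redirected.
function Get-FontWorkaroundStatus {
    [CmdletBinding()]
    param(
        # Assumption: atmfd.dll sits in System32 / SysWOW64 under this directory.
        [string]$WindowsDir = $env:windir
    )

    # WebClient service: the workaround is in place when start mode is Disabled.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" `
        -ErrorAction SilentlyContinue
    if ($svc) {
        $state     = "$($svc.StartMode), $($svc.State)"
        $mitigated = ($svc.StartMode -eq 'Disabled')
    } else {
        # No such service on this host, so there is nothing to disable.
        $state     = 'not installed'
        $mitigated = $true
    }
    [pscustomobject]@{
        Check     = 'WebClient service'
        State     = $state
        Mitigated = $mitigated
    }

    # atmfd.dll: the workaround is in place when the file no longer exists
    # under its original name in either system directory.
    foreach ($sub in 'System32', 'SysWOW64') {
        $dir = Join-Path $WindowsDir $sub
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        $present = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll') -PathType Leaf
        $state   = 'absent or renamed'
        if ($present) { $state = 'present' }
        [pscustomobject]@{
            Check     = "atmfd.dll in $sub"
            State     = $state
            Mitigated = (-not $present)
        }
    }
}

Get-FontWorkaroundStatus | Format-Table -AutoSize
```

A row with `Mitigated` set to `False` means that workaround has not been applied on that host; the preview pane setting is per user and is not covered by this check.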
