Windows users under attack via two new RCE zero-days - Help Net Security

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns.

Microsoft described the attacks as limited and targeted, and has published workarounds to reduce customer risk until a fix is developed and released.

More about the new Windows zero-days

According to the security advisory published on Monday, the vulnerabilities arise when the affected library improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said, adding that the Outlook Preview Pane is not an attack vector for this vulnerability.

The flaws affect:

Windows 10
Windows 8.1
Windows 7
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server, version 1803
Windows Server, version 1903
Windows Server, version 1909

“For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities,” Microsoft added.

Mitigations and workarounds

Internet Explorer’s Enhanced Security Configuration, which is on by default on Windows Server, does not mitigate the vulnerabilities.

The workarounds offered are disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service, and renaming the ATMFD.DLL file (which requires a restart to take effect). Microsoft explains how to apply each of these workarounds, and the impact of doing so, in the security advisory.
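For administrators who need to apply the three workarounds consistently across many machines, the following PowerShell script is an added example written for this page; it is not code from the article or from Microsoft’s advisory. It assumes an elevated session, and the function names are hypothetical. The Explorer policy values NoPreviewPane and NoReadingPane are used as a scriptable stand-in for the View-menu steps the advisory describes and are an assumption here; the takeown/icacls/rename sequence for ATMFD.DLL follows the same steps an administrator would type by hand.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the three workarounds described in the article.
# Not from the article or the advisory; assumptions are noted in comments.

function Disable-ExplorerPanes {
    # Assumption: the per-user Explorer policy values below are used here as a
    # scriptable equivalent of unticking the Preview and Details panes in the
    # Explorer View menu.
    # Impact: Explorer no longer renders file previews or the Details pane.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'NoPreviewPane' -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $key -Name 'NoReadingPane' -PropertyType DWord -Value 1 -Force | Out-Null
}

function Disable-WebClientService {
    # Stops and disables the WebDAV client so a remote share cannot be used to
    # deliver a crafted font to the machine.
    # Impact: WebDAV access (for example mapping a drive to a WebDAV share) stops working.
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if ($null -eq $svc) { Write-Warning 'WebClient service not present on this host'; return }
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name 'WebClient' -Force }
    Set-Service -Name 'WebClient' -StartupType Disabled
}

function Rename-Atmfd {
    # Takes ownership of atmfd.dll, saves its ACL for later rollback, grants
    # Administrators full control and renames the file so the vulnerable
    # parser can no longer be loaded. A reboot is required for this to apply.
    # Impact: applications that rely on the library for Type 1 / OpenType
    # fonts may stop working correctly until the file is renamed back.
    $dirs = @("$env:windir\system32")
    if (Test-Path "$env:windir\syswow64") { $dirs += "$env:windir\syswow64" }   # 64-bit hosts carry a second copy
    foreach ($dir in $dirs) {
        $dll = Join-Path $dir 'atmfd.dll'
        if (-not (Test-Path $dll)) {
            # Some newer Windows 10 builds do not ship atmfd.dll in these
            # directories; there is nothing to rename there, so skip.
            Write-Host "no atmfd.dll in $dir, skipping"
            continue
        }
        & takeown.exe /f $dll | Out-Null
        & icacls.exe $dll /save "$dll.acl" | Out-Null          # keep original ACL for rollback
        & icacls.exe $dll /grant 'Administrators:(F)' | Out-Null
        Rename-Item -Path $dll -NewName 'x-atmfd.dll'
        Write-Host "renamed $dll to x-atmfd.dll (reboot required)"
    }
}

Disable-ExplorerPanes
Disable-WebClientService
Rename-Atmfd
Write-Host 'Workarounds applied; restart the system to complete the ATMFD.DLL change.'
```

Keep the saved .acl files: once the security update is installed, rename x-atmfd.dll back, run icacls with /restore in the same directory to reinstate the original permissions, re-enable the WebClient service and remove the two Explorer policy values, so the workarounds do not outlive the vulnerability they were meant to cover.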

The company did not offer more details about the attacks nor did it say when the security updates will be released, bu ..