Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns.
The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released.
More about the new Windows zero-days
According to the security advisory published on Monday, the vulnerabilities arise from the affected library’s improper handling of a specially-crafted multi-master font – Adobe Type 1 PostScript format.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company shared, and said that the Outlook Preview Pane is not an attack vector for this vulnerability.
The flaws affect:
Windows RT 8.1
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2019
Windows Server, version 1803
Windows Server, version 1903
Windows Server, version 1909
“For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities,” Microsoft added.
Mitigations and workarounds
Enhanced Security Configuration, which is on by default on Windows Servers, does not mitigate the vulnerabilities.
Offered workarounds include disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service, and renaming the ATMFD.DLL file. Microsoft explains how to do all that and the impacts of these workarounds in the security advisory.
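One way to audit a host for two of the workarounds listed above, as an added example that is not taken from Microsoft's advisory or from the original article. The function name `Get-AtmfdWorkaroundStatus` and the directories it searches are assumptions, and the Preview Pane and Details Pane setting is not checked.

```powershell
# Added example: reports whether the WebClient and ATMFD.DLL workarounds are in place.
function Get-AtmfdWorkaroundStatus {
    [CmdletBinding()]
    param(
        # Assumption: directories searched for the library; align with the advisory.
        [string[]]$SearchPath = @(
            (Join-Path $env:windir 'System32'),
            (Join-Path $env:windir 'SysWOW64')
        )
    )

    # WebClient service: treated as mitigated when absent, or disabled and not running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $webClient = 'NotInstalled'
    } else {
        $webClient = '{0}/{1}' -f $svc.StartMode, $svc.State   # e.g. Disabled/Stopped
    }
    $webClientBlocked = ($null -eq $svc) -or
        ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')

    # ATMFD.DLL: the workaround renames the file, so a copy still present
    # under its original name is reported as a finding.
    $found = foreach ($dir in $SearchPath) {
        if (Test-Path -LiteralPath $dir) {
            Get-ChildItem -LiteralPath $dir -Filter 'atmfd.dll' -File -Force -ErrorAction SilentlyContinue
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WebClientState   = $webClient
        WebClientBlocked = $webClientBlocked
        AtmfdPresent     = [bool]$found
        AtmfdPaths       = @($found | Where-Object { $_ } | ForEach-Object { $_.FullName })
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```

A host where `WebClientBlocked` is false or `AtmfdPresent` is true still needs the corresponding workaround applied as the advisory describes.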
The company did not offer more details about the attacks nor did it say when the security updates will be released, bu ..