Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Microsoft: Targeted Attackers Are Exploiting Two Zero-Day Bugs

Microsoft is warning that targeted attackers are exploiting two Windows zero-day vulnerabilities in the wild.

Issued on Monday, the security advisory flags two previously undisclosed remote code execution (RCE) bugs. The flaws exist in Microsoft Windows when “the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.”

The vulnerabilities are rated critical and are present in Windows 7-10 and Server 2008 to 2019.

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially-crafted document or viewing it in the Windows Preview pane,” Microsoft explained.

“Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.”

Until a patch is available, Microsoft is recommending customers disable the Preview Pane and Details Pane in Windows Explorer, which will mean OTF fonts are no longer automatically displayed.

Another workaround suggested in the security advisory is to disable the WebClient service, which will block what Microsoft described as the “most likely remote attack vector”: the Web Distributed Authoring and Versioning (WebDAV) client service.

However, doing so will mean WebDAV requests aren’t transmitted and any services depending on WebClient won’t start.

A third workaround is to rename ATMFD.DLL, although this doesn’t apply to Windows 10, which doesn’t run the DLL. If organizations decide to go down this path they should be aware that applications that rely on embedded font technology will not display properly.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Norwegian Cruise Line Suffers Data Breach

2
News

Leaked Plans Reveal Mirai-Like Russian IoT Botnet

3
News

CEO Claims More Fake LinkedIn Users Are Claiming to be Employees

4
News

Don't Fall for the WhatsApp Gold Scam

5
News

Military Secrets Exposed by UK Printing Company

6
News

Sextortion Scam Threatens to Infect Victims with #COVID19

1
Interview

Interview: Len Shneyder, Co-Chair, Election Security Working Group, M3AAWG

2
Blog

Improving Cyber-Risk Management with ISO 27001 and the 10 Steps to Cybersecurity

3
News

Public ICS Intrusion Tools “Lower the Bar” for Hackers

4
News

Microsoft: Targeted Attackers Are Exploiting Two Zero-Day Bugs

5
News

Interpol Seizes $14m in Fake #COVID19 Pharma Goods

6
News

33% of UK Orgs Lack Tech Infrastructure for Long-Term Remote Working

1
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

2
Webinar

Gain Control and Security of Your File Collaboration

3
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

4
Webinar

The Impact of #COVID19 on the Infosec Industry

5
Webinar

Using SIEM to Protect Against Top Cybersecurity Threats

6
Webinar

AI in Security: Keeping Up with the Trend

1
Blog

Security by Sector: NHS Digital and Egress Partner to Strengthen Healthcare Email Processes

2
Interview

Interview: Paul Vixie, CEO, Farsight Security

3
Opinion

Working from Home Policies and the Future of Cybersecurity

4
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

5
Opinion

#HowTo Reduce Your Ransomware Attack Surface

6
Webinar

Gain Control and Security of Your File Collaboration