
General Discussions

Microsoft warns of Windows zero-day exploited in the wild

BREAKING: Hackers are exploiting a zero-day in the Adobe Type Manager Library (atmfd.dll) that ships with the Windows OS.

Another Windows OS Malware that won't be patched until possibly by April Patch Tuesday: Microsoft warns of Windows zero-day exploited in the wild | ZDNet 

Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said in a security alert today.

The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.

Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user's system and take actions on their behalf.

All currently supported versions of the Windows and Windows Server operating systems are vulnerable, according to Redmond's security advisory. Windows 7, which is currently end-of-support, is also impacted.

"There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane," the company said.

The company described the current attacks exploiting this bug as "limited" and "targeted."

A patch is currently not available. Microsoft intimated that one might arrive during next month's Patch Tuesday -- currently scheduled for April 14.

In the meantime, Microsoft has published a series of mitigations that companies and home users can take if they believe they might be targeted with a Windows zero-day attack.

Mitigations include:

  • Disabling the Preview Pane and Details Pane in Windows Explorer
  • Disabling the WebClient service
  • Renaming ATMFD.DLL

9 Replies

Found out that my Windows version 1909 doesn't have the affected file ATMFD.DLL but does have its co-partner ATMLIB.DLL.

I thought maybe my Windows was corrupted or missing the file, but then I checked the Windows 1909 installation file inside INSTALL.ESD and ATMFD.DLL was also missing.

Still my computer is at risk, but I seriously doubt I would be hacked. The hackers are going where the money is.

0 Likes
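
A read-only check for two of the mitigations listed in the post above (the ATMFD.DLL rename and the WebClient service), plus the ATMLIB.DLL observation from the first reply. This is an added example, not part of the thread or of Microsoft's advisory; the function name and the default System32 location are assumptions, and the per-user Preview Pane and Details Pane settings are not inspected.

```powershell
# Added example: audits a host without changing anything.
function Get-AtmfdMitigationStatus {
    [CmdletBinding()]
    param(
        # Assumption: the font libraries sit in the default system directory.
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )

    # Mitigation "Renaming ATMFD.DLL": is the file still present under its original name?
    $atmfdPath    = Join-Path $SystemDir 'atmfd.dll'
    $atmfdPresent = Test-Path -LiteralPath $atmfdPath -PathType Leaf
    $atmfdVersion = if ($atmfdPresent) {
        (Get-Item -LiteralPath $atmfdPath).VersionInfo.FileVersion
    } else {
        $null
    }

    # The first reply reports ATMLIB.DLL present where ATMFD.DLL is absent; record both.
    $atmlibPresent = Test-Path -LiteralPath (Join-Path $SystemDir 'atmlib.dll') -PathType Leaf

    # Mitigation "Disabling the WebClient service": it counts as applied only when the
    # service is absent, or both stopped and set to Disabled (a Manual service can be
    # started again on demand).
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    $webClientMitigated = (-not $svc) -or
        ($svc.StartType -eq 'Disabled' -and $svc.Status -eq 'Stopped')

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        AtmfdPresent       = $atmfdPresent
        AtmfdFileVersion   = $atmfdVersion
        AtmlibPresent      = $atmlibPresent
        WebClientInstalled = [bool]$svc
        WebClientStatus    = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        WebClientStartType = if ($svc) { [string]$svc.StartType } else { 'NotInstalled' }
        WebClientMitigated = $webClientMitigated
    }
}

# Report for the local machine.
Get-AtmfdMitigationStatus | Format-List
```

The `StartType` property requires Windows PowerShell 5.0 or later.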

What happened to our posts?

0 Likes

I guess it looks like Ray or Hardcoregame didn't like the way the trend of the replies was going and deleted Hardcoregame's original reply, which deleted all the replies connected to it, including yours and mine.

Just hypothesizing.

Easy to fix:

Find Windows Explorer: / organize

Open 'Services':

Wow. I don't see how any of the workarounds help you if you rely on PS Type 1 fonts, which most in the printing industry still use regularly. Hope they get this resolved quickly. I also hope they still fix it for Windows 7. I know there are still a lot of creative users hanging on to Windows 7 and Adobe CS6 as it was the last version not requiring an ongoing subscription.

That's really the thing that's not talked about a lot as the reason people and businesses don't move to new versions of OSs, and it is the license costs involved, as they are often not transferable. Adobe is quite possibly the prime example, as if you don't use their subscription-based service, it could cost you hundreds, or thousands, to upgrade to the new versions, and if you're a small business, say a wedding photographer or freelance photographer, that cost prohibits you from upgrading.

As for Windows 7, it's going to be fixed for the ones who subscribe to the updates, but if the mitigations really are as simple as renaming/deleting a DLL and disabling the details/previews pane, that's a pretty easy fix with minimal loss of functionality everyone else can use.

0 Likes

Reminds me of when they disabled preview of .wmf files for exploits, then did the same with gadgets. This so-called fix doesn't help you if you still open the document.

0 Likes

WCCFTech added this today, and the way Windows 10 sandboxes, it can't really do anything.

0 Likes