Attackers exploiting font parsing code vulnerabilities as Windows Defender falters

Today, Microsoft issued a security advisory stating that the company “is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library.” There are reportedly two remote code execution vulnerabilities in all supported versions of Windows. These vulnerabilities are the result of the Windows Adobe Type Manager Library improperly handling the Adobe Type 1 PostScript format. If an attacker can get a user to open a specially crafted document or view it in the Windows Preview pane, the attacker can remotely run malware on the user’s device.

The vulnerabilities currently have no fix, but Microsoft says it is working on one. Unfortunately, it seems that it will be at least a few weeks until said fix is available. TechCrunch reached out to a Microsoft spokesperson who suggested that the fix would appear next Update Tuesday, which is April fourteenth. The severity of the vulnerabilities is marked as critical in the security advisory, which is Microsoft’s highest severity rating, so hopefully we’ll see a fix before Update Tuesday.

The security advisory suggests three mitigation strategies that can be taken until a fix is made available. The first of these is disabling the Preview and Details Panes in Windows Explorer so malicious OTF files won’t be automatically displayed. That said, this measure will not prevent a user from directly opening said files. A further mitigation is disabling the WebClient service, which blocks “the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service.” The most drastic strategy is renaming ATMFD.DLL, which is the driver causing the vulnerabilities. However, renaming the file will break proper font presentation in some applications and cause some other applications to stop working altogether. Changing the registry can also be risky business. Full instructions for these mitigation measures are included in the security advisory.
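The WebClient mitigation described above can be audited, and optionally applied, from an elevated PowerShell prompt. The script below is an added example, not taken from Microsoft's advisory or from the original article; the `-Remediate` switch and the function name are hypothetical, and the `System32\atmfd.dll` location is an assumption the article does not state.

```powershell
#Requires -Version 5.1
# Added example: report the state of two mitigations named in the article
# (WebClient service disabled, ATMFD.DLL renamed) and optionally disable WebClient.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remediate   # hypothetical switch: stop and disable WebClient
)

function Get-FontMitigationState {
    # WebClient is absent on some server SKUs; treat "not installed" as mitigated.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue

    # Assumed driver location (not given in the article).
    $driver = Join-Path $env:windir 'System32\atmfd.dll'

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientStatus    = $(if ($svc) { [string]$svc.Status }    else { 'NotInstalled' })
        WebClientStartup   = $(if ($svc) { [string]$svc.StartType } else { 'NotInstalled' })
        WebClientMitigated = (-not $svc) -or
                             ($svc.StartType -eq 'Disabled' -and $svc.Status -eq 'Stopped')
        # $true means the driver has not been renamed (or is still present).
        AtmfdDllPresent    = Test-Path -LiteralPath $driver
    }
}

$before = Get-FontMitigationState

if ($Remediate -and -not $before.WebClientMitigated) {
    if ($PSCmdlet.ShouldProcess('WebClient service', 'Stop and set startup type to Disabled')) {
        # Stop first so the running instance cannot service WebDAV requests,
        # then disable so it is not started again on demand or at boot.
        Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
        Set-Service  -Name WebClient -StartupType Disabled
    }
}

# Emit the (possibly updated) state so it can be collected across a fleet,
# for example with Export-Csv.
Get-FontMitigationState
```

Running the script with `-Remediate -WhatIf` shows what would change without touching the service. The script deliberately leaves ATMFD.DLL alone and only reports on it, since the article notes that renaming it breaks font rendering in some applications.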

Now is not a good time for attackers to be taking advantage of these vulnerabilities as a recently introduced Windows 10 bug can cause Windows Defender to seemingly not scan files or fail scans altogether. This bug seems to be present in Windows Defender version 4.18.2003 and newer. The bug has been reported in the Microsoft forums as well as multiple Reddit posts, but Microsoft has yet to acknowledge it.

6 responses to “Attackers exploiting font parsing code vulnerabilities as Windows Defender falters”

  1. You guys are downvoting Chuckula but it’s true!

    The LaserWriter came out in 1985 with a 12MHz Motorola 68000. In comparison, Apple’s 1984 Mac had a 6MHz version of the same CPU and 128kB RAM, the Lisa also had the same chip but at 5MHz, and the Apple IIe had a 1MHz 6502/65C02.

  2. I remember when our college computer center got a printer with an AMD 29K processor in it. It was faster than the VAX that the students had access to. I know kids who learned to program in PostScript so that they could do calculations and have the results printed on one page. The computer center caught on and limited print rasterization to 10 seconds/page. Seems someone had printed a job the previous night that took over 12 hours.

  3. True story. Once upon a time the most powerful computer that Apple made* was built into the LaserWriter printer to allow it to interpret postscript so it could print in black & white.

    * Yes, more powerful than the original Macs that were connected to it.

Nathan Wasson

Inquiring mind, tech journalist, car enthusiast, gamer.
