Attackers exploiting font parsing code vulnerabilities as Windows Defender falters

Today, Microsoft issued a security advisory stating that the company “is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library.” There are reportedly two remote code execution vulnerabilities in all supported versions of Windows. These vulnerabilities are the result of the Windows Adobe Type Manager Library improperly handling the Adobe Type 1 PostScript format. If an attacker can get a user to open a specially crafted document or view it in the Windows Preview pane, the attacker can remotely run malware on the user’s device.

The vulnerabilities currently have no fix, but Microsoft says it is working on one. Unfortunately, it seems that it will be at least a few weeks until said fix is available. TechCrunch reached out to a Microsoft spokesperson who suggested that the fix would appear next Update Tuesday, which is April fourteenth. The severity of the vulnerabilities is marked as critical in the security advisory, which is Microsoft’s highest severity rating, so hopefully we’ll see a fix before Update Tuesday.

The security advisory suggests three mitigation strategies that can be taken until a fix is made available. The first of these is disabling the Preview and Details panes in Windows Explorer so that malicious OTF files won’t be automatically displayed. That said, this measure will not prevent a user from directly opening said files. Further mitigation involves disabling the WebClient service, which blocks “the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service.” The most drastic strategy is renaming ATMFD.DLL, which is the driver causing the vulnerabilities. However, renaming the file will break proper font presentation in some applications and cause some other applications to stop working altogether. Changing the registry can also be risky business. Full instructions for these mitigation measures are included in the security advisory.
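As an added example (not taken from the article or from Microsoft's advisory), this PowerShell script reports whether two of the mitigations above are in place on a machine and offers a function to disable the WebClient service. The function names and the System32 location of ATMFD.DLL are assumptions; the article gives no path.

```powershell
# Added example: audits two mitigations named above. Function names are hypothetical.
function Get-WebClientState {
    # WebClient is the WebDAV client service the advisory recommends disabling.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'WebClient service'; State = 'not installed'; Mitigated = $true }
    }
    [pscustomobject]@{
        Check     = 'WebClient service'
        State     = "StartMode=$($svc.StartMode), State=$($svc.State)"
        # A stopped but not disabled service can still be started on demand.
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }
}

function Get-AtmfdState {
    param(
        # Assumption: the driver sits in the system directory; the article gives no path.
        [string]$Directory = (Join-Path $env:windir 'System32')
    )
    $path = Join-Path $Directory 'ATMFD.DLL'
    $present = Test-Path -LiteralPath $path
    [pscustomobject]@{
        Check     = 'ATMFD.DLL'
        State     = if ($present) { "present at $path" } else { "absent from $Directory" }
        # Absent means the file was renamed or is not on this system.
        Mitigated = -not $present
    }
}

function Disable-WebClient {
    # Applies the WebClient mitigation; run elevated. -WhatIf previews the change.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess('WebClient', 'Stop and disable service')) {
        Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
        Set-Service -Name WebClient -StartupType Disabled
    }
}

# Read-only report; nothing is changed unless Disable-WebClient is called.
@(Get-WebClientState; Get-AtmfdState) | Format-Table -AutoSize
```

Running `Disable-WebClient -WhatIf` first shows what would change without touching the service.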

These attacks come at a bad time: a recently introduced Windows 10 bug can cause Windows Defender to seemingly skip files during scans or fail scans altogether. This bug seems to be present in Windows Defender version 4.18.2003 and newer. It has been reported in the Microsoft forums and in multiple Reddit posts, but Microsoft has yet to acknowledge it.

Nathan Wasson

Inquiring mind, tech journalist, car enthusiast, gamer.

Klumpo
1 year ago

So many bugs in Windows 10 since Microsoft sacked their qa team and introduced the feedback tool 😣

chuckula
1 year ago

True story. Once upon a time the most powerful computer that Apple made* was built into the LaserWriter printer to allow it to interpret postscript so it could print in black & white.

* Yes, more powerful than the original Macs that were connected to it.

chuckula
1 year ago
Reply to  chuckula

Ah lots of downthumbs from the kiddies who are stuck at home I see.

willmore
1 year ago
Reply to  chuckula

I remember when our college computer center got a printer with an AMD 29K processor in it. It was faster than the VAX that the students had access to. I know kids who learned to program in PostScript so that they could do calculations and have the results printed on one page. The computer center caught on and limited print rasterization to 10 seconds/page. Seems someone had printed a job the previous night that took over 12 hours.

Wirko
1 year ago
Reply to  chuckula

They tried again in 2013 but the most powerful super*computer (1) couldn’t really print and (2) wasn’t really usable as a waste basket.
* https://www.cultofmac.com/232391/you-can-already-turn-the-new-mac-pro-into-a-supercomputer-with-this-server-rack/

jihadjoe
1 year ago
Reply to  chuckula

You guys are downvoting Chuckula but it’s true!

The LaserWriter came out in 1985 with a 12MHz Motorola 68000. In comparison, Apple’s 1984 Mac had a 6MHz version of the same CPU and 128kB RAM, the Lisa also had the same chip but at 5MHz, and the Apple IIe had a 1MHz 6502/65C02.
