Microsoft Alerts Of Zero-Day RCE Vulnerability In Windows 7 Under Exploit


Microsoft recently issued an alert for all Windows users regarding a serious vulnerability under attack. This zero-day vulnerability primarily threatens Windows 7 users.

Zero-Day RCE Vulnerability In Windows 7

Reportedly, Microsoft has issued an alert for all users regarding a vulnerability that ships with the Windows operating system. The bug exists in Adobe Type Manager Library (atmfd.dll) which facilitates rendering PostScript Type 1 fonts inside the OS.

What’s troublesome is that before catching the attention of the vendors for a fix, it attracted hackers. Hence, this vulnerability is now under active exploitation. Microsoft have noted the exploitation of this zero-day vulnerability against Windows 7.

As stated in their advisory,

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Recommended Mitigation – Upgrade to Windows 10

At present, no immediate fix is available to patch the bug. Though Microsoft has assured they are working on it, with the patch  becoming available with the upcoming Patch Tuesday.

Until then, Microsoft shared various ways to mitigate this flaw. The most important being upgrading the system to Windows 10. Though some sources say the bug also exists in Windows 10, though the possibility of its exploitation isn’t likely.

Microsoft is not aware of any attacks against the Windows 10 platform. The possibility of remote code execution is negligible and elevation of privilege is not possible.

Windows 7 users may also apply the following workarounds.

  • Disable the Preview Pane and Details Pane in Windows Explorer. Though, this may affect the automatic display of OTF fonts.
  • Disable the WebClient service
  • Rename ATMFD.DLL

Let us know your thoughts in the comments.

The following two tabs change content below.

Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar



Reference: Source link

Sr. SDET M Mehedi Zaman

Currently working as Sr. SDET at Robi Axiata Limited, a subsidiary of Axiata Group. As a Senior SDET: - Played a key role in introducing Agile Scrum methodology and implementing CI/CD pipeline to ensure quality & timely delivery. - Trained colleagues on emerging technologies, e.g. Apache Spark, Big Data, Hadoop, Internet of Things, Cloud Computing, AR, Video Streaming Services Technology, Blockchain, Data Science- Developed a test automation framework for Android and iOS apps - Developed an e2e web automation framework with Pytest - Performed penetration testing of enterprise solutions to ensure security and high availability using Kali, Burp Suite etc. - Learned Gauntlet security testing automation framework and shared the lesson learned in a knowledge sharing session

Leave a Reply

Your email address will not be published. Required fields are marked *