Windows Font Parsing Zero Days Get Temporary Fix

[correlate]

Level 18
Thread author
Top Poster
Well-known
May 4, 2019
801
Until Microsoft releases a patch for two critical vulnerabilities affecting the font parsing component in all supported versions of Windows, some users can apply temporary protection in the form of a micropatch that prevents exploitation.

The two flaws affect the Adobe Type Manager Library (maintained by Microsoft) and are in the ATMFD.DLL font driver that processes Adobe Type 1 PostScript and OpenType fonts.

Leveraging them on systems earlier than Windows 10 can lead to remote code execution with elevated privileges. Microsoft is aware of threat actors exploiting them in targeted attacks on older versions of the operating system.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,452
Disable the WebClient service.
So much for people, who often ask: What is the point of disabling services? Over the years, virtually all windows services were vulnerable, at least once. Disabling services you never use, acts preemptively, even against unknown. And MS usually suggests workarounds, since fixes take months.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top