SoylentNews is people
SoylentNews
Windows code-execution zeroday is under active exploit, Microsoft warns:
Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.
The font-parsing remote code-execution vulnerability is being used in "limited targeted attacks," the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 Postscript format. Attackers can exploit them by convincing a target to open a booby-trapped document or viewing it in the Windows preview pane.
"Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability," Monday's advisory warned. Elsewhere the advisory said: "For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."
Until a patch becomes available, Microsoft is suggesting users use one or more of the following workarounds:
- Disabling the Preview Pane and Details Pane in Windows Explorer
- Disabling the WebClient service
- Rename ATMFD.DLL, or alternatively, disable the file from the registry
[...] Monday's advisory provides detailed instructions for both turning on and turning off all three workarounds. Enhanced Security Configuration, which is on by default on Windows Servers, doesn't mitigate the vulnerability, the advisory added.
[...] The phrase "limited targeted attacks" is frequently shorthand for exploits carried out by hackers carrying out espionage operations on behalf of governments. These types of attacks are usually limited to a small number of targets—in some cases, fewer than a dozen—who work in a specific environment that's of interest to the government sponsoring the hackers.
(Score: 2) by DannyB on Wednesday March 25 2020, @03:50PM (1 child)
The ability for you to be controlled and restricted by government is a fundamental human right.
We need a trusted and reliable way that the government can allow you to prove who you are, to ensure you are on the loyalty list. But we could do better. Exclude non loyal persons, unwilling to swear allegiance, from obtaining this new technology. That way only loyal people can buy, sell, or sign any covenants or commercial agreements or any click-through EULAs.
During this crisis of COVID-19, universal IDs will also make it easier to identify the dead people on sidewalks, homeless alley ways, or standing in line at the Apple store for a new shiny.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 0) by Anonymous Coward on Wednesday March 25 2020, @07:31PM
the government (population) is growing but everything is being digitized -aka- made unsafe and automated ... go figure.