SoylentNews is people

posted by martyb on Wednesday March 25 2020, @03:07AM
from the Bummer-of-a-birthmark,-Hal dept.

Windows code-execution zeroday is under active exploit, Microsoft warns:

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.

The font-parsing remote code-execution vulnerability is being used in "limited targeted attacks," the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 Postscript format. Attackers can exploit them by convincing a target to open a booby-trapped document or view it in the Windows preview pane.

"Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability," Monday's advisory warned. Elsewhere the advisory said: "For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Until a patch becomes available, Microsoft is suggesting users use one or more of the following workarounds:

  • Disabling the Preview Pane and Details Pane in Windows Explorer
  • Disabling the WebClient service
  • Renaming ATMFD.DLL or, alternatively, disabling the file from the registry

[...] Monday's advisory provides detailed instructions for both turning on and turning off all three workarounds. Enhanced Security Configuration, which is on by default on Windows Servers, doesn't mitigate the vulnerability, the advisory added.

[...] The phrase "limited targeted attacks" is frequently shorthand for exploits carried out by hackers carrying out espionage operations on behalf of governments. These types of attacks are usually limited to a small number of targets—in some cases, fewer than a dozen—who work in a specific environment that's of interest to the government sponsoring the hackers.
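
As an added example (not from the advisory or the article), a read-only PowerShell check for two of the workarounds listed above: whether the WebClient service is disabled and whether ATMFD.DLL is still present, along with the file's owner. The function name is hypothetical and the system-directory location of the DLL is an assumption; the Explorer pane setting is not checked.

```powershell
# Added example: read-only audit, changes nothing on the system.
function Get-FontWorkaroundStatus {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Assumption: the DLL sits in the Windows system directory.
        [string]$DllPath = (Join-Path ([Environment]::SystemDirectory) 'atmfd.dll')
    )

    # Workaround: WebClient service disabled. StartMode is one of
    # Boot, System, Auto, Manual, Disabled; State shows if it still runs.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" `
        -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $svcState = 'NotInstalled'
        $svcOk    = $true
    } else {
        $svcState = '{0}/{1}' -f $svc.StartMode, $svc.State
        # Disabled but still running is not yet mitigated.
        $svcOk    = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    }

    # Workaround: ATMFD.DLL renamed. A missing file means it was renamed or
    # was never there; a present file means the rename has not been applied.
    $dllPresent = Test-Path -LiteralPath $DllPath -PathType Leaf
    $owner = $null
    if ($dllPresent) {
        try   { $owner = (Get-Acl -LiteralPath $DllPath -ErrorAction Stop).Owner }
        catch { $owner = "unreadable: $($_.Exception.Message)" }
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WebClientState = $svcState
        WebClientOk    = $svcOk
        DllPath        = $DllPath
        DllPresent     = $dllPresent
        DllOwner       = $owner   # compare with the account attempting the rename
        DllRenamed     = -not $dllPresent
    }
}

Get-FontWorkaroundStatus | Format-List
```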


  • (Score: -1, Troll) by Anonymous Coward on Wednesday March 25 2020, @03:10AM (3 children)

    by Anonymous Coward on Wednesday March 25 2020, @03:10AM (#975308)

    fuck gates

    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @03:21AM (2 children)

      by Anonymous Coward on Wednesday March 25 2020, @03:21AM (#975311)

      https://id2020.org/alliance [id2020.org]

      The ability to prove who you are is a fundamental and universal human right. Because we live in a digital era, we need a trusted and reliable way to do that both in the physical world and online.

      • (Score: 2) by DannyB on Wednesday March 25 2020, @03:50PM (1 child)

        by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @03:50PM (#975498) Journal

        The ability for you to be controlled and restricted by government is a fundamental human right.

        We need a trusted and reliable way that the government can allow you to prove who you are, to ensure you are on the loyalty list. But we could do better. Exclude non loyal persons, unwilling to swear allegiance, from obtaining this new technology. That way only loyal people can buy, sell, or sign any covenants or commercial agreements or any click-through EULAs.

        During this crisis of COVID-19, universal IDs will also make it easier to identify the dead people on sidewalks, homeless alley ways, or standing in line at the Apple store for a new shiny.

        --
        OMG! There are roving gangs going door to door FORCING people to get vaccinated!
        • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @07:31PM

          by Anonymous Coward on Wednesday March 25 2020, @07:31PM (#975579)

          the government (population) is growing but everything is being digitized -aka- made unsafe and automated ... go figure.

  • (Score: 5, Informative) by Gaaark on Wednesday March 25 2020, @03:26AM (8 children)

    by Gaaark (41) on Wednesday March 25 2020, @03:26AM (#975317) Journal

    Zero day, every day, ad nauseam to the point of ad nauseam.

    Why do people STILL use Windows? Seriously?

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @04:57AM (1 child)

      by Anonymous Coward on Wednesday March 25 2020, @04:57AM (#975339)

      To fulfill the high R-0 prophecy.

      • (Score: 2) by DannyB on Wednesday March 25 2020, @03:51PM

        by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @03:51PM (#975499) Journal

        I am unfamiliar with this R-0 prophecy.

        --
        OMG! There are roving gangs going door to door FORCING people to get vaccinated!
    • (Score: 2, Offtopic) by fliptop on Wednesday March 25 2020, @11:32AM (3 children)

      by fliptop (1666) on Wednesday March 25 2020, @11:32AM (#975404) Journal

      Why do people STILL use Windows?

      QuickBooks, AutoCad, various Point-of-Sale applications, Office (especially Publisher and Outlook), WordPerfect, and gaming. Just the first few that come to mind.

      I recently set up a client w/ several new workstations and put LibreOffice on each one. They complained, b/c when they did a search on a spreadsheet it didn't search all the sheets, just the page/tab they were currently on. I showed them the checkbox that says, "search all sheets" but they couldn't be bothered to do all that. So they subscribed to Office360. Most users are so clueless, if they won't even consider using LibreOffice on Windows, how can any of us in IT ever convince them to use something other than Windows?

      --
      It's crackers to slip a rozzer the dropsy in snide.
      • (Score: 2) by epitaxial on Wednesday March 25 2020, @01:05PM

        by epitaxial (3165) on Wednesday March 25 2020, @01:05PM (#975433)

        Engineering work. They don't make Linux builds for software and Wine only runs the most basic or ancient Windows programs.

      • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @01:29PM

        by Anonymous Coward on Wednesday March 25 2020, @01:29PM (#975447)

        > checkbox that says, "search all sheets"

        Anyone know if there is a setting to turn this on by default? Any Libre Office gurus here?

      • (Score: 2) by DannyB on Wednesday March 25 2020, @03:54PM

        by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @03:54PM (#975501) Journal

        checkbox that says, "search all sheets"

        Shine a powerful blacklight on the sheets from a safe distance.

        --
        OMG! There are roving gangs going door to door FORCING people to get vaccinated!
    • (Score: 2) by inertnet on Wednesday March 25 2020, @02:50PM

      by inertnet (4071) on Wednesday March 25 2020, @02:50PM (#975475)

      Windows is patient zero.

    • (Score: 2) by DannyB on Wednesday March 25 2020, @03:55PM

      by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @03:55PM (#975503) Journal

      Why do people STILL use Windows? Seriously?

      How many people can say: because that's what my employer uses.

      Okay. As long as the IT department is responsible for maintaining it.

      --
      OMG! There are roving gangs going door to door FORCING people to get vaccinated!
  • (Score: 2) by Snotnose on Wednesday March 25 2020, @04:06AM (8 children)

    by Snotnose (1623) on Wednesday March 25 2020, @04:06AM (#975326)

    Ok, I know how to rename a dll. How do I do the other 2 things they recommend?

    --
    The 3 symptoms of laziness: 1) think of something tomorrow 2)
    • (Score: 1, Informative) by Anonymous Coward on Wednesday March 25 2020, @04:22AM (4 children)

      by Anonymous Coward on Wednesday March 25 2020, @04:22AM (#975332)

      Webclient can be disabled in services. Run services.msc, find the webclient service, right-click properties, set it to disabled.

      I think previews are disabled in one of the file explorer menus but I haven't checked.

      • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @05:58AM

        by Anonymous Coward on Wednesday March 25 2020, @05:58AM (#975348)

        ALT+P or there is a checkbox under "View" in the ribbon. Of course, I have to remember that because somehow Mom keeps toggling it when she tries to print.

      • (Score: 2) by driverless on Wednesday March 25 2020, @06:26AM (1 child)

        by driverless (4770) on Wednesday March 25 2020, @06:26AM (#975350)

        Is there any reason to ever have WebClient enabled? It's one of the long list of Windows bloat I disable immediately after I get access to a system, I've never noticed its absence.

        • (Score: 1, Informative) by Anonymous Coward on Wednesday March 25 2020, @08:09AM

          by Anonymous Coward on Wednesday March 25 2020, @08:09AM (#975372)

          It is mostly used for mounting and accessing WebDAV network locations in Explorer and other programs. If you and none of your applications are using the native WebDAV support, then you don't need it enabled. The other features it enables are used even less, and you should get an error if the API or service doesn't respond properly when disabled.

      • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @12:06PM

        by Anonymous Coward on Wednesday March 25 2020, @12:06PM (#975415)

        I'm not familiar with that one. Maybe I need to sudo or something? Is there a man page for this?

    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @11:43AM

      by Anonymous Coward on Wednesday March 25 2020, @11:43AM (#975406)

      The other 2 things...
      1- Unplug the power cable.
      2- Whip yourself with the power cable because you were using Windows.

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @04:01PM (1 child)

      by Anonymous Coward on Wednesday March 25 2020, @04:01PM (#975509)

      I thought I knew how to rename a .dll but, when I tried on Win7Pro, renaming ATMFD.DLL required "Trusted Installer" permissions, administrator didn't work (for me).

      Thoughts?

      • (Score: 4, Informative) by maxwell demon on Wednesday March 25 2020, @06:27PM

        by maxwell demon (1608) on Wednesday March 25 2020, @06:27PM (#975557) Journal

        What about booting with a Linux CD or DVD, renaming the file, and booting back into Windows?

        --
        The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 5, Insightful) by Booga1 on Wednesday March 25 2020, @04:43AM (3 children)

    by Booga1 (6333) on Wednesday March 25 2020, @04:43AM (#975337)

    More preview attacks... I turn them off every chance I get, yet the powers that be keep turning them back on and making new ones in places that didn't have them before.
    All this crap that views things before you have a chance to decide if you want to click it is half the problem. If you make software, cut it out. Stop all the insane stuff you do without people doing things in the name of "we're helping!"

    • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @08:04AM (2 children)

      by Anonymous Coward on Wednesday March 25 2020, @08:04AM (#975371)

      Kinda reminds me of web browser.... there's so much cruft to disable, more than 1/2 the options in Firefox are to disable things - and still I need to dig into about:config to disable pocket - plus 3 separate add-ons to disable yet more things. And STILL I cannot disable Autoplay on most sites. Most of the customizations are to disable things and those things are still crawling through every weak-point in the browser. The browser really needs to decide whose side it's on...

      • (Score: 1, Informative) by Anonymous Coward on Wednesday March 25 2020, @08:18AM (1 child)

        by Anonymous Coward on Wednesday March 25 2020, @08:18AM (#975373)

        Ahhh Pocket. What a colossal FU to their users. In the middle of one of their sprints tearing out various features with the mantra, "you can install an extension to do that," they decide to build it into the browser itself. Of course, that was after their FU to the extension developers began of cutting out various APIs they needed to make said extensions work, to the point they had to build pocket into the browser so it could work correctly until backtracking on plans to remove APIs it relied on.

        • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @10:20AM

          by Anonymous Coward on Wednesday March 25 2020, @10:20AM (#975390)

          Extensions developers should take a hard look at waterfox, and fork it if necessary.

  • (Score: -1, Troll) by Anonymous Coward on Wednesday March 25 2020, @05:06AM

    by Anonymous Coward on Wednesday March 25 2020, @05:06AM (#975340)

    More news nobody here can use, except for that one cool ed that still uses Windoze? Please, SoylentNews, you make me think this is some trendy mainstream Computer magazine.

  • (Score: 2) by shortscreen on Wednesday March 25 2020, @05:27AM (1 child)

    by shortscreen (2252) Subscriber Badge on Wednesday March 25 2020, @05:27AM (#975342) Journal

    12/14/2017 03:28 AM 297,728 atmfd.dll

    Whoa, I have this file! AFAICT, not a single program on my system uses it though.

  • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @09:34AM (2 children)

    by Anonymous Coward on Wednesday March 25 2020, @09:34AM (#975386)

    A match made in heaven ... Between IE and Flash how could it get better ....

    • (Score: 0) by Anonymous Coward on Wednesday March 25 2020, @12:09PM

      by Anonymous Coward on Wednesday March 25 2020, @12:09PM (#975416)

      Music CD + rootkit? (Thanks Sony)

    • (Score: 2) by DannyB on Wednesday March 25 2020, @03:57PM

      by DannyB (5839) Subscriber Badge on Wednesday March 25 2020, @03:57PM (#975505) Journal

      Between IE and Flash how could it get better

      Flash is not the only one. There are three other culprits: Java Applets, ActiveX and Silverlight.

      It's unfair to only blame Flash.

      --
      OMG! There are roving gangs going door to door FORCING people to get vaccinated!
  • (Score: 5, Interesting) by stormwyrm on Wednesday March 25 2020, @11:54AM

    by stormwyrm (717) Subscriber Badge on Wednesday March 25 2020, @11:54AM (#975411) Journal

    Bloody hell, the last time I remember that Adobe Type Manager was actually useful was in the Windows 3.1 days. Before the introduction of TrueType fonts there were a plethora of different font formats in use, some optimised for screen display, others for printing. Adobe had some of the best fonts and their own file format for fonts based on PostScript (which they invented), and as I recall Adobe Type Manager was supposed to allow certain types of their fonts to display on screen and to let them be used for printing even on non-PostScript printers, which were godawful expensive. Adobe Type Manager (or something equivalent like BitStream FaceLift) used to be essential for making any decent-looking documents back in the eighties and early nineties. A lot of this stuff was made obsolete by TrueType/OpenType though and it's doubtful that many folks who aren't old hands at desktop publishing have ever seen Adobe Type 1 fonts in honest typographic use any time recently. It should have been cut out of Windows a long time ago, and made available only to those few who still actually needed it.

    --
    Numquam ponenda est pluralitas sine necessitate.