posted by martyb on Wednesday March 25 2020, @03:07AM
from the Bummer-of-a-birthmark,-Hal dept.

Windows code-execution zeroday is under active exploit, Microsoft warns:

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.

The font-parsing remote code-execution vulnerability is being used in "limited targeted attacks," the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 PostScript format. Attackers can exploit them by convincing a target to open a booby-trapped document or view it in the Windows preview pane.

"Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability," Monday's advisory warned. Elsewhere the advisory said: "For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Until a patch becomes available, Microsoft is suggesting users use one or more of the following workarounds:

  • Disabling the Preview Pane and Details Pane in Windows Explorer
  • Disabling the WebClient service
  • Renaming ATMFD.DLL or, alternatively, disabling the file from the registry

[...] Monday's advisory provides detailed instructions for both turning on and turning off all three workarounds. Enhanced Security Configuration, which is on by default on Windows Servers, doesn't mitigate the vulnerability, the advisory added.

[...] The phrase "limited targeted attacks" is frequently shorthand for exploits carried out by hackers carrying out espionage operations on behalf of governments. These types of attacks are usually limited to a small number of targets—in some cases, fewer than a dozen—who work in a specific environment that's of interest to the government sponsoring the hackers.


  • (Score: 5, Insightful) by Booga1 on Wednesday March 25 2020, @04:43AM (3 children)

    More preview attacks... I turn them off every chance I get, yet the powers that be keep turning them back on and making new ones in places that didn't have them before.
    All this crap that views things before you have a chance to decide if you want to click it is half the problem. If you make software, cut it out. Stop all the insane stuff you do without people doing things in the name of "we're helping!"

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @08:04AM (2 children)

    Kinda reminds me of web browser.... there's so much cruft to disable, more than 1/2 the options in Firefox are to disable things - and still I need to dig into about:config to disable pocket - plus 3 separate add-ons to disable yet more things. And STILL I cannot disable Autoplay on most sites. Most of the customizations are to disable things and those things are still crawling through every weak-point in the browser. The browser really needs to decide whose side it's on...

    • (Score: 1, Informative) by Anonymous Coward on Wednesday March 25 2020, @08:18AM (1 child)

      Ahhh Pocket. What a colossal FU to their users. In the middle of one of their sprints tearing out various features with the mantra, "you can install an extension to do that," they decide to build it into the browser itself. Of course, that was after their FU to the extension developers began of cutting out various APIs they needed to make said extensions work, to the point they had to build Pocket into the browser so it could work correctly until backtracking on plans to remove APIs it relied on.

      • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 25 2020, @10:20AM

        Extension developers should take a hard look at Waterfox, and fork it if necessary.