Critical New Windows 0Days Being Actively Exploited

Jannie Delucca

Vulnerabilities are in atmfd.dll: a kernel module provided by Windows

All currently supported versions of Microsoft Windows (server and desktop) are exposed to two new remote code execution (RCE) vulnerabilities which are being actively exploited in the wild in “limited targeted attacks” — and there’s no patch yet.

The new Windows 0days are in atmfd.dll: a kernel module that is provided by Windows and which provides support for OpenType fonts. (While known, in full, as “Adobe Type Manager Font Driver”, it is Microsoft’s code, not Adobe’s).

Security experts at France’s Orange Cyberdefense said if atmfd.dll was not present on a machine (it is not, apparently, on all) then mitigation was unnecessary. Computer Business Review could not immediately confirm this. Mitigations are urgent.

Microsoft warned today of the flaws (base CVSS: 10) that “there are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane”.

It has published a sweeping range of remediation options but suggested that a patch may not be ready until April 14’s “Patch Tuesday”. No credit for the disclosure was given; it was not immediately clear how the RCEs were identified.

It is not the first time that atmfd.dll has been the cause of security woes: two early January 2018 vulnerabilities disclosed to Microsoft by Google’s Project Zero (CVE-2018-0754, CVE-2018-0788) also involved security flaws in the module: those two CVEs (which involved how it handles objects in memory) required local access.

New Windows Vulnerability

Microsoft said (ADV200006): “[The two RCEs exist] when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format… For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.”

MSFT said: “Disabling the Preview and Details panes in Windows Explorer prevents the automatic display of OTF fonts in Windows Explorer. While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability.”

Guidance on disabling these panes is available here.

Microsoft is aware of this vulnerability and working on a fix, the company said: “Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”
