Vulnerabilities are in atmfd.dll: a kernel module presented by Home windows
All currently supported variations of Microsoft Home windows (server and desktop) are uncovered to two new distant code execution (RCE) vulnerabilities which are being actively exploited in the wild in “limited specific attacks” — and there’s no patch nevertheless.
The new Home windows 0days are in atmfd.dll: a kernel module that is presented by Home windows and which supplies support for OpenType fonts. (While known, in total, as “Adobe Variety Manager Font Driver”, it is Microsoft’s code, not Adobe’s).
Safety experts at France’s Orange Cyberdefense said if atmfd.dll was not present on a machine (it is not, seemingly, on all) then mitigation was avoidable. Computer system Organization Review could not right away confirm this. Mitigations are urgent.
Microsoft warned these days of the flaws (foundation CVSS: 10) that “there are various ways an attacker could exploit the vulnerability, these as convincing a consumer to open a specifically crafted doc or viewing it in the Home windows Preview pane”.
It has posted a sweeping assortment of remediation alternatives but instructed that a patch may well not be all set until eventually April 14’s “Patch Tuesday”. No credit rating for the disclosure was presented it was not right away crystal clear how the RCE’s ended up recognized.
It is not the very first time that atmfd.dll has been the lead to of stability woes: two early January 2018 vulnerabilities disclosed to Microsoft by Google’s Challenge Zero (CVE-2018-0754 CVE-2018-0788) also entailed stability flaws in the module: all those two CVES (which involved how it handles objects in memory) needed nearby entry.
Microsoft is informed of minimal specific attacks that could leverage unpatched vulnerabilities in the Adobe Variety Manager Library, and is giving steerage to aid lower shopper danger until eventually the stability update is unveiled. See the url for extra aspects. https://t.co/tUNjkHNZ0N
— Safety Response (@msftsecresponse) March 23, 2020
New Home windows Vulnerability
Microsoft said (ADV200006): “[The two RCEs exist] when the Home windows Adobe Variety Manager Library improperly handles a specifically-crafted multi-learn font – Adobe Variety one PostScript format… For programs managing supported variations of Home windows 10 a productive assault could only consequence in code execution within just an AppContainer sandbox context with minimal privileges and abilities.”
Microsoft has unveiled ADV200006 about an 0day vulnerability being exploited in the wild in Microsoft Home windows Adobe Variety Manager Variety one font parsing.
There are nearly as a lot of workarounds presented as there are assault vectors!https://t.co/CNu5iV2Pc2
— CERT/CC (@certcc) March 23, 2020
MSFT said: “Disabling the Preview and Details panes in Home windows Explorer prevents the automated show of OTF fonts in Home windows Explorer. While this prevents malicious data files from being seen in Home windows Explorer, it does not prevent a nearby, authenticated consumer from managing a specifically crafted program to exploit this vulnerability.
Steering on disabling these panes is available in this article.
Microsoft is informed of this vulnerability and functioning on a correct, the business said: “Updates that handle stability vulnerabilities in Microsoft software package are commonly unveiled on Update Tuesday, the next Tuesday of each thirty day period. This predictable agenda will allow for partner quality assurance and IT organizing, which can help preserve the Home windows ecosystem as a trusted, protected selection for our clients.”
See also: “A Sweetheart Offer, Accomplished in Secret”: Intel and Micron Sued About 3D XPoint