Vulnerabilities are in atmfd.dll: a kernel module presented by Home windows
All currently supported variations of Microsoft Home windows (server and desktop) are uncovered to two new distant code execution (RCE) vulnerabilities which are being actively exploited in the wild in “limited specific attacks” — and there’s no patch nevertheless.
The new Home windows 0days are in atmfd.dll: a kernel module that is presented by Home windows and which supplies support for OpenType fonts. (While known, in total, as “Adobe Variety Manager Font Driver”, it is Microsoft’s code, not Adobe’s).
Safety experts at France’s Orange Cyberdefense said if atmfd.dll was not present on a machine (it is not, seemingly, on all) then mitigation was avoidable. Computer system Organization Review could not right away confirm this. Mitigations are urgent.
Microsoft warned these days of the flaws (foundation CVSS: 10) that “there are various ways an attacker could exploit