Microsoft he revealed today that in Windows 7, 8 and 10 there are two critical vulnerabilities in the operating system font subsystem.
Both vulnerabilities have already been used in "limited, targeted attacks". The company has not released a patch yet.
There are two possibilities for remote code execution in Windows when the Adobe Type Manager library uses a specially designed multi-letter font (multi-master font, Adobe Type 1 PostScript format).
The vulnerable library is located in ATMLIB.DLL and operates on the kernel. Windows 10 is more protected by AppContainer / Sandbox technology.
There are many ways in which an attacker could exploit a vulnerability, such as persuading a user to open a specially edited document or view it through a Windows preview window.
To temporarily fix this defect, Microsoft has provided the following solutions. But none of this will prevent a certified user from running a malicious document that could be used to exploit the vulnerability.
Disable WebClient service
Press the two Win + R keys together to open the RUN and type services.msc.
Press Enter and find the WebClient service from the list of services.
Double-click it to open the Properties dialog box.
Change the boot type to Disabled. If the service is running, click Stop.
Microsoft believes this will help prevent remote attack.
There is also a solution for the local system. Requires changing some options in File Explorer.
Change options in File Explorer
Close all File Explorer windows. Open a new File Explorer window by pressing Win + E together.
Disable preview if you have enabled it.
Select the "Always show icons, never thumbnails" option in the Folder Options option.
Easy way to turn off the Preview Panel.
Download the zip. Contains two files (Hide.reg and Show.reg double click on whichever you are interested in to pass the information to your Computer Registry.
Finally, you can disable the problematic font parser from the Registry.
However, this method may cause problems in some applications based on this font library.
Turn off the analyzer in the registry
Open the Registry Editor application (Win + R and in the box that opens type regedit and press Enter).
Follow the route:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows
On the right, modify or create a new 32-Bit DWORD value and name it DisableATMFD.
(Even if you are running Windows 64-bit you will need to create a 32-bit DWORD value).
Set its value to 1.
Then you need to restart Windows.
Microsoft will soon release a patch for Windows 7, Windows 8 / 8.1, and Windows 10, (Yes, and for Windows 7, even if you are not in Extended Security Updates (ESU).