Microsoft he revealed today that in Windows 7, 8 and 10 there are two critical vulnerabilities in the operating system font subsystem.
Both vulnerabilities have already been used in "limited, targeted attacks". The company has not released a patch yet.
More information on the website:
There are two possibilities for remote code execution in Windows when the Adobe Type Manager library uses a specially designed multi-letter font (multi-master font, Adobe Type 1 PostScript format).
The vulnerable library is located in ATMLIB.DLL and operates on the kernel. Windows 10 is more protected by AppContainer / Sandbox technology.
There are many ways in which an attacker could exploit a vulnerability, such as persuading a user to open a specially edited document or view it through a Windows preview window.
To temporarily fix this flaw, Microsoft has made the following workarounds available. But none of these will prevent an authenticated user from running one malicious document that can be used to exploit the vulnerability.
Disable WebClient service
Press the two Win + R keys together to open the RUN and type services.msc.
Press Enter and find the WebClient service from the list of services.
Double-click it to open the Properties dialog box.
Change the cm typemovements to Disabled. If the service is running, click the Stop button.
Microsoft believes this will help prevent remote attack.
There is also a workaround for the local system. He demands her change of some options in File Explorer.
Change options in File Explorer
Close all File Explorer windows. Open a new File Explorer window by pressing Win + E together.
Disable preview if you have enabled it.
Select the "Always show icons, never thumbnails" option in the Folder Options option.
Easy way to turn off the Preview Panel.
Download the zip. Contains two files (Hide.reg and Show.reg double click on whichever you are interested in to pass the information to your Computer Registry.
Finally, you can disable the problematic font parser from the Registry.
However, this method may cause problems in some applications based on this font library.
Turn off the analyzer in the registry
Open the Registry Editor application (Win + R and in the box that opens type regedit and press Enter).
Follow the route:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows
On the right, modify or create a new 32-Bit DWORD value and name it DisableATMFD.
(Even if you're running Windows 64-bit you should create a 32-bit DWORD value).
Set its value to 1.
Then you need to restart Windows.
Microsoft will soon release a fix for Windows 7, Windows 8/8.1 and Windows 10, (Yes for Windows 7 too, even without being in the Extended Security Updates (ESU).
