Microsoft he revealed today that in Windows 7, 8 and 10 there are two critical vulnerabilities in the operating system font subsystem.
Both vulnerabilities have already been used in "limited, targeted attacks". The company has not released a patch yet.
More information on the website:
There are two possibilities for remote code execution in Windows when thecase Adobe Type Manager uses a specially designed multi-master font (Adobe Type 1 PostScript format).
The vulnerable library is located in ATMLIB.DLL and operates on the kernel. Windows 10 is more protected by AppContainer / Sandbox technology.
There are many ways in which an attacker could exploit a vulnerability, such as persuading a user to open a specially edited document or view it through a Windows preview window.
To temporarily fix this flaw, Microsoft has made the following available solutions. But none of these will prevent an authenticated user from running one malicious document that can be used to exploit the vulnerability.
Disable WebClient service
Press the two Win + R keys together to open the RUN and type services.msc.
Press Enter and find the WebClient service from the list of services.
Double-click it to open the Properties dialog box.
Change the boot type to Disabled. If the service is running, click Stop.
Microsoft believes this will help block remote attacks.
There is also a solution for the local system. Requires changing some options in File Explorer.
Change options in File Explorer
Close all File Explorer windows. Open a new File Explorer window by pressing Win + E together.
Disable preview if you have enabled it.
Select the "Always show icons, never thumbnails" option in the Folder Options option.
Easy way activationof disabling the Preview Panel.
Download the zip. Contains two files (Hide.reg and Show.reg double click on whichever you are interested in to pass the information to your Computer Registry.
Finally, you can disable the problematic font parser from the Registry.
However, this method may cause problems in some applications based on this font library.
Turn off the analyzer in the registry
Open the Registry Editor application (Win + R and in the box that opens type regedit and press Enter).
Follow the route:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows
On the right, modify or create a new 32-Bit DWORD value and name it DisableATMFD.
(Even if you are running Windows 64-bit you will need to create a 32-bit DWORD value).
Set its value to 1.
Then you need to restart Windows.
Microsoft will soon release a patch for Windows 7, Windows 8 / 8.1, and Windows 10, (Yes, and for Windows 7, even if you are not in Extended Security Updates (ESU).