The company said that it is aware of targeted attacks on vulnerabilities in the Adobe Type Manager Library.
Attackers can exploit the vulnerabilities in several ways, such as by embedding Type 1 fonts into documents and convincing users to open them or view them in the Windows Explorer preview pane, Microsoft said. An attacker who tricks a user into opening or viewing such a document can then use one of the two known remote code execution flaws to plant harmful code on the victim's system.
Windows versions 7, 8.1, RT 8.1 and 10 are vulnerable to the remote code execution flaws, along with Windows Server 2008 Service Pack 2 onwards.
Running up-to-date antivirus is very often an easy way to block an important share of malware, and the researchers over at German institute AV-TEST have conducted a new series of tests in January and February to determine the best security products for Windows.
Microsoft didn't disclose which groups or individuals are exploiting the vulnerability or what damage the attacks have caused.
On vulnerable Windows Server variants, the default Enhanced Security Configuration does not mitigate the vulnerabilities, Microsoft warned.
Secondly, you can also follow Microsoft's temporary workaround and disable the Preview and Details panes in Windows Explorer, which prevents the automatic display of OTF fonts in Windows Explorer.
In the meantime, Windows users can implement various workarounds, as detailed by Microsoft. Another safeguard is renaming the Adobe Type Manager Font Driver file "ATMFD.dll".
None of the mitigations are complete and all have their drawbacks.
Talking about the fix for the flaw, Microsoft is exhibiting a lax attitude. "Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month."
Based on previous form, a patch is most likely to arrive next month as part of Microsoft's regular Patch Tuesday update, but we can't be certain of this, especially in these most uncertain times.