
New Windows Zero-Day Exploited in the Wild, no Patch in Sight

Bitdefender Enterprise

Last Monday, Microsoft published a security advisory for a new font-parsing remote code-execution vulnerability in Windows that is already being exploited in limited, targeted attacks against Windows 7 devices.

The vulnerability resides in the Adobe Type Manager Library (ATMFD.DLL), the Windows component that parses and renders fonts in Adobe's Type 1 PostScript format. On Windows 7 and 8.1 this library runs in kernel mode, so a successful exploit yields kernel-level code execution, not just the privileges of the user who opened the file. The attacker only needs the victim to open a specially crafted document, or merely to view it in the Windows Explorer preview pane: the malicious font embedded in the document is parsed as soon as the document is rendered.

A case of permanent zero-day

Although the vulnerability is already being exploited by threat actors in the wild, Microsoft has yet to release an official fix. Windows 7 reached End of Life on January 14th this year, and no further updates, security fixes included, are delivered to systems without an Extended Security Updates (ESU) licensing agreement. Most vulnerable Windows 7 systems will therefore remain unpatched indefinitely, a situation often referred to as a "permanent zero-day": an attacker can keep using the same vulnerability to compromise the same devices over and over.

In the absence of a fix, Microsoft recommends several workarounds. None of them removes the underlying bug; each one closes off a delivery path or stops the vulnerable library from loading:

  1. Disable the Preview Pane and Details Pane in Windows Explorer – this prevents the font from being parsed when a rigged file is merely selected or previewed, but does nothing once the victim actually opens the document.
  2. Disable the WebClient service – this blocks the WebDAV vector, the most likely route for pulling a malicious document from a remote server, but exploitation is still possible if the victim opens a document delivered some other way (an e-mail attachment, a file on a local disk or LAN share).
  3. Set the DisableATMFD registry value to 1, manually or through a managed deployment script – this stops Windows from loading the Adobe Type Manager font driver and mitigates the issue on pre-Windows 10 systems; a reboot is required, and applications that rely on embedded OpenType or PostScript fonts may no longer display them properly.
  4. Rename ATMFD.DLL – same effect and same usability caveat as the registry value on pre-Windows 10 systems; the file is owned by TrustedInstaller, so ownership must be taken before it can be renamed, and a reboot is required.
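The four workarounds above are normally applied by hand on one machine at a time; the script below applies them together, as an added example that is not code from the original post or from Microsoft's advisory. It is meant to be run as Administrator on Windows 7 / 8.1 (it exits without changing anything on Windows 10). The DisableATMFD key, the WebClient service name and the takeown/icacls/rename sequence follow the advisory's documented steps; the NoReadingPane and NoPreviewPane Explorer policy values are assumed here to correspond to the "Turn off Preview Pane" and "Turn off Details Pane" Group Policy settings, so verify them against your own Explorer.admx before deploying at scale.

```powershell
# Apply Microsoft's advisory workarounds for the ATMFD.DLL font-parsing zero-day
# on Windows 7 / 8.1. Added example, not from the Bitdefender post or Microsoft.
# Run in an elevated PowerShell; -RenameAtmfd opts into the most intrusive step.
# Assumption: NoReadingPane / NoPreviewPane are the registry values behind the
# "Turn off Preview Pane" / "Turn off Details Pane" Explorer policies.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$RenameAtmfd
)

$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

$os = [Environment]::OSVersion.Version
if ($os.Major -ge 10) {
    Write-Warning 'Windows 10 or later: these pre-Windows 10 workarounds do not apply. Nothing changed.'
    return
}

# 1. Preview Pane and Details Pane off for the current user (Explorer policy values).
$explorerPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
New-Item -Path $explorerPolicy -Force | Out-Null
Set-ItemProperty -Path $explorerPolicy -Name NoReadingPane -Value 1 -Type DWord
Set-ItemProperty -Path $explorerPolicy -Name NoPreviewPane -Value 1 -Type DWord

# 2. WebClient service off: removes the WebDAV path for remotely hosted documents.
if (Get-Service -Name WebClient -ErrorAction SilentlyContinue) {
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service  -Name WebClient -StartupType Disabled
}

# 3. DisableATMFD = 1 stops the Adobe Type Manager font driver from loading (reboot required).
$atmfdKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
Set-ItemProperty -Path $atmfdKey -Name DisableATMFD -Value 1 -Type DWord

# 4. Optional: take ownership of atmfd.dll and rename it so it cannot be loaded at all.
#    The original ACL is saved next to the file so the change can be rolled back.
if ($RenameAtmfd) {
    $dirs = @("$env:windir\System32")
    if ([Environment]::Is64BitOperatingSystem) { $dirs += "$env:windir\SysWOW64" }
    foreach ($dir in $dirs) {
        $dll = Join-Path $dir 'atmfd.dll'
        if (-not (Test-Path $dll)) { continue }
        if ($PSCmdlet.ShouldProcess($dll, 'take ownership and rename')) {
            & takeown.exe /f $dll | Out-Null
            & icacls.exe $dll /save "$dll.acl" | Out-Null
            & icacls.exe $dll /grant 'Administrators:(F)' | Out-Null
            Rename-Item -Path $dll -NewName 'x-atmfd.dll'
        }
    }
}

Write-Host 'Workarounds applied. Reboot for the DisableATMFD and rename changes to take effect.'
```

Run it with `-WhatIf -RenameAtmfd` first to see which copies of atmfd.dll would be touched; steps 1 to 3 are reversible by deleting the two Explorer policy values, setting DisableATMFD back to 0 and re-enabling WebClient, and step 4 by renaming the file back and restoring the saved ACL with `icacls <dir> /restore atmfd.dll.acl`.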

How To Defend Yourself Against Zero-Day Threats

Cyber-security solutions such as GravityZone can help you mitigate the issue at multiple levels, increasing the cost of an attack and minimizing the risk of compromise to your organization. Given that most such attacks arrive via spam e-mail, Bitdefender can intercept such files at the mail transport agent or as they are being analyzed in the Sandbox.

Bitdefender GravityZone can also pin down exploits and zero days through its strong suite of powerful behavioral technologies such as Process Inspector, Advanced Anti-Exploit, Network Attack Defense and Hypervisor Introspection.

Finally, hardening technologies such as Endpoint Risk Analytics can help prevent these attacks and further reduce the attack surface by identifying Indicators of Risk, such as an enabled WebClient service or missing hardening settings, so that these exploitable configurations can be remediated before an attacker reaches them.

For more information about Bitdefender GravityZone, visit: www.bitdefender.com/business

Author


Bitdefender Enterprise

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.
