Serviceteam IT Security News

Updates for the critical-rated vulnerabilities, which are being actively exploited in the wild, are still weeks away

Attackers are actively exploiting two previously undisclosed security vulnerabilities that affect all supported as well as some of the no-longer-supported versions of the Windows operating system, Microsoft announced in an out‑of‑band advisory on Monday.

The security flaws, rated as critical, are being abused for limited targeted attacks. This would imply campaigns by advanced threat actors compromising carefully chosen targets. That said, citing the need to “help reduce customer risk until the security update is released”, the tech giant disclosed the flaws publicly.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format,” said the tech giant. Adobe Type Manager is a font management tool that helps Windows handle and render fonts.

There are several ways how bad actors can leverage the flaws, including by tricking their targets into opening a booby-trapped file or into viewing it in the Windows Preview pane, said Microsoft.

Patch?

The flaws affect all supported versions of Windows, including Windows 10, as well as systems that are past end‑of‑life, notably Windows 7. Importantly, no patch is available for any of them, and Microsoft hinted that the fix wouldn’t arrive until the forthcoming Patch Tuesday rollout of security updates on April 14th. Even so, machines running the retired operating systems won’t receive the update even after it’s shipped – unless their owners are enrolled in Microsoft’s Extended Security Updates (ESU) program.

While the flaws are rated as critical for all affected systems, the company noted that on Windows 10 the potential for exploitation is limited. “For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities,” said the tech giant. As of the time of writing, the vulnerabilities have yet to be assigned CVE identifiers.

Microsoft suggested a slew of temporary mitigations and workarounds to counter the risk while the patch is in the works. These include disabling the Preview Pane and Details Pane in Windows Explorer and renaming the library (atmfd.dll). Step-by-step guidance is available in the company’s advisory.

Weeks ago, Microsoft released patches for a critical cryptographic flaw in Windows and a zero-day in Internet Explorer. ESET researchers uncovered an exploit in 2018 that leveraged a pair of two zero-days in Adobe Reader and Windows, while last year they found an exploit that abused another Windows zero-day vulnerability (CVE‑2019‑1132).

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!