Home → News → Windows Code-Execution Zero-day Is Under Active Exploit... → Full Text

Windows Code-Execution Zero-day Is Under Active Exploit, Microsoft Warns

By Ars Technica

March 25, 2020

[article image]

Microsoft has issued a warning that a Windows zero-day vulnerability is being exploited in "limited targeted attacks" to execute malicious code on fully updated systems.

The font-parsing remote code-execution vulnerability exists in the Adobe Type Manager Library, which numerous apps use to manage and render fonts available from Adobe Systems.

The two code-execution flaws can be exploited by convincing a target to open or view a booby-trapped document in the Windows preview pane.

Said Microsoft in an advisory, "For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Until a patch is made available, Microsoft recommends disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service, or renaming ATMFD.DLL or disabling the file from the registry.

From Ars Technica
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found