Last week, two 0-day vulnerabilities were discovered in the Adobe Type Manager Library (atmfd.dll), and they are already being exploited in the wild. Temporary patches for these bugs have now appeared on the 0patch platform. The atmfd.dll library is used, among other things, to render PostScript Type 1 fonts in Windows.
According to Microsoft's advisory, both vulnerabilities allow remote code execution, so an attacker can run their own code on the victim's system and take various actions on behalf of the user. The vulnerabilities can be exploited in several ways, for example by convincing a user to open a specially crafted document or to view it in the Windows Preview pane.
"All currently supported versions of Windows and Windows Server are vulnerable to these problems (including Windows 10, 8.1 and Server 2008, 2012, 2016 and 2019). Windows 7, whose support was discontinued earlier this year, is also vulnerable," said Microsoft experts.
Since there are no official fixes for these problems yet, experts from Acros Security, the company that develops the 0patch solution, have prepared temporary patches (micropatches).
0patch is a platform designed specifically for situations like this: fixing 0-day and other unpatched vulnerabilities, supporting products that their vendors no longer maintain, custom software, and so on.
So far, fixes are available for the 64-bit versions of Windows 7 and Windows Server 2008 R2 that do not receive the so-called Extended Security Updates (ESU), which are available only to paying corporate customers.
The experts point out that as of Windows 10 version 1709 the vulnerabilities do not pose a big threat, since font parsing there happens in an isolated sandbox, which makes exploiting the bugs considerably harder. Users of that version therefore need not wait for patches. In earlier versions of Windows, however, font parsing happens in the kernel, giving an attacker the ability to execute code with the highest privileges. Accordingly, the 0patch interim fix will soon also be available for Windows 7 and Windows Server 2008 R2 with ESU, as well as for Windows 8.1 and Windows Server 2012, in both 32-bit and 64-bit versions.
The experts explain on their blog that little is known about these vulnerabilities, so they had to block the problematic functionality outright instead of patching a specific flaw.
"With this micropatch, all applications that use Windows GDI for font operations will find that any Adobe Type 1 PostScript fonts render as invalid and are not loaded," writes Mitya Kolsek, head of Acros Security.
In essence, this means that after the patch is applied, Windows Explorer will no longer preview .PFM and .PFB font files: glyphs will not be displayed in the preview pane, in thumbnails, or in the details pane.
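The micropatch works by refusing to load Type 1 font data at all; on systems that are still unpatched, a defender may instead want to spot such font data in files arriving by mail or sitting on shares. The following Python is an added example, not code from the article, 0patch or Acros Security: it recognises the two Adobe Type 1 container formats (PFA clear-text headers and PFB 0x80-prefixed segments) and rejects truncated or malformed segment chains rather than guessing. The sample PFB it builds is constructed inline and is not a real font.

```python
import struct

# Adobe Type 1 fonts ship either as PFA (ASCII, begins with one of these
# headers) or PFB (binary segments, each prefixed by 0x80, a type byte and a
# little-endian 32-bit length). This is the data atmfd.dll parses.
TYPE1_HEADERS = (b"%!PS-AdobeFont-1.0", b"%!FontType1-1.0")
PFB_MARKER = 0x80
PFB_ASCII, PFB_BINARY, PFB_EOF = 1, 2, 3


def classify_font_blob(data: bytes) -> str:
    """Return 'pfa', 'pfb' or 'none' for the given file contents."""
    if data.lstrip().startswith(TYPE1_HEADERS):
        return "pfa"
    pos, segments = 0, 0
    while pos + 2 <= len(data) and data[pos] == PFB_MARKER:
        seg_type = data[pos + 1]
        if seg_type == PFB_EOF:
            # A PFB is only valid if at least one segment preceded the EOF marker.
            return "pfb" if segments else "none"
        if seg_type not in (PFB_ASCII, PFB_BINARY) or pos + 6 > len(data):
            return "none"
        length = struct.unpack_from("<I", data, pos + 2)[0]
        body = data[pos + 6:pos + 6 + length]
        if len(body) != length:
            return "none"  # truncated segment: do not trust it
        if segments == 0 and not (seg_type == PFB_ASCII and body.startswith(TYPE1_HEADERS)):
            return "none"  # first segment must be the clear-text font header
        segments += 1
        pos += 6 + length
    return "none"


def build_sample_pfb() -> bytes:
    """Constructed minimal PFB for demonstration only; not a real font."""
    clear = b"%!PS-AdobeFont-1.0: Sample 001.000\ncurrentfile eexec\n"
    enc = bytes(range(16))  # stand-in for the eexec-encrypted portion
    return (bytes([PFB_MARKER, PFB_ASCII]) + struct.pack("<I", len(clear)) + clear
            + bytes([PFB_MARKER, PFB_BINARY]) + struct.pack("<I", len(enc)) + enc
            + bytes([PFB_MARKER, PFB_EOF]))


if __name__ == "__main__":
    sample = build_sample_pfb()
    print(classify_font_blob(sample))           # pfb
    print(classify_font_blob(sample[:-10]))     # none (truncated chain)
    print(classify_font_blob(b"OTTO\x00\x01"))  # none (OpenType CFF, not Type 1)
```

Feed the function the bytes of any file whose extension is not trusted; extension-only checks miss Type 1 data embedded under another name.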