Date: 2020-03-24

Microsoft has warned of a new security flaw in all versions of Windows that allows an attacker to execute malicious code by means of an infected document. The vulnerability, classified as critical, is located in the Adobe Type Manager font library and is already being exploited.

According to an entry in the Microsoft Security Response Center, there are two remote code execution vulnerabilities in Windows that arise when the Adobe Type Manager library incorrectly handles a font in Adobe Type 1 PostScript format.

An attacker would take advantage of this by means of an infected document which, when opened or viewed in the Windows Preview pane, would leave the computer vulnerable to malware or ransomware.

Microsoft said that it is aware of limited targeted attacks that take advantage of this vulnerability, although for now there is no security update to correct the fault. Instead, the company offered a series of actions to mitigate the vulnerability until a patch is released.

What can I do to correct the vulnerability?

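There are three steps to take to prevent someone from exploiting the Adobe Type Manager vulnerability. The essential one is to disable the Preview Pane and the Details Pane in Windows Explorer. These settings are found in the Windows Explorer options, where we must deactivate both panes and enable the “Always show icons, never thumbnails” feature.

While the Windows preview pane is not as functional as the one in macOS, the real impact of these changes will be felt when thumbnails are disabled. It will no longer be possible to preview common files such as photos or videos by increasing the size of the icons in Windows.

The second step involves disabling the WebClient service in the Windows Services panel. After that, we must rename the ATMFD.DLL file, which is located in C:\Windows\system32. To achieve this, it will be necessary to enter a series of commands in the Command Prompt, running it as administrator.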

The second step involves disable WebClient service inside the Windows Services panel, after that we must rname the ATMFD.DLL file which is located at C: Windows system32. To achieve this, it will be necessary to enter a series of commands in the Command Prompt, executing it as administrator.
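
As an added example (not part of Microsoft's guidance or of the original article), the following read-only PowerShell check reports which of the steps above are in place on a machine. The function name Test-AtmfdMitigation and the property names it returns are made up for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the mitigation steps described above.
# It changes nothing. Run it in the user's own session, because the
# thumbnail setting is stored per user under HKCU.

function Test-AtmfdMitigation {
    $result = [ordered]@{}

    # Step 1 (partly): "Always show icons, never thumbnails" is stored as
    # IconsOnly = 1. The Preview/Details pane toggles are not checked here;
    # confirm those in Explorer itself.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $iconsOnly = (Get-ItemProperty -Path $adv -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
    $result['ThumbnailsDisabled'] = ($iconsOnly -eq 1)

    # Step 2: the WebClient service should be disabled and not running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        # Service is not installed, so there is nothing to disable.
        $result['WebClientDisabled'] = $true
    } else {
        $result['WebClientDisabled'] = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }

    # Step 3: ATMFD.DLL should no longer exist under its original name.
    # If the file was never present, there is nothing to rename.
    $dll = Join-Path $env:windir 'System32\atmfd.dll'
    $result['AtmfdRenamedOrAbsent'] = -not (Test-Path -LiteralPath $dll)

    [pscustomobject]$result
}

$status = Test-AtmfdMitigation
$status | Format-List

# List the steps that still need attention.
$missing = $status.PSObject.Properties | Where-Object { -not $_.Value } | ForEach-Object { $_.Name }
if ($missing) {
    Write-Warning ("Mitigation steps not in place: " + ($missing -join ', '))
} else {
    Write-Output 'All checked mitigation steps are in place.'
}
```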

The mitigation may seem tedious for end users who are not used to disabling services, but it is necessary if they feel that they may be victims of a targeted attack. Otherwise, they could wait for the second week of April, which is when Microsoft releases its security update package.

Users with Windows 7 or earlier systems will have to follow these steps, as there will be no security patch for them because they are outside the support period.

