Microsoft warns that as part of the Adobe Type Manager Library (atmfd.dll), two 0-day vulnerabilities were discovered that are already exploited by hackers. This library is used, in particular, for rendering PostScript Type 1 fonts in Windows.
According to experts, both vulnerabilities allow remote execution of arbitrary code, that is, attackers can run their own code in the victim’s system and take various actions on behalf of the user. An attacker can exploit the vulnerability in different ways, for example, he can convince a user to open a specially created document or view it in the Windows Preview panel.
All the currently supported versions of Windows and Windows Server are vulnerable to problems (including Windows 10, 8.1 and Server 2008, 2012, 2016 and 2019). Windows 7, whose support was discontinued earlier this year, is also vulnerable.
Little is known about the current attacks. The companies characterize them as “limited” and “target,” but do not go into details.
Since there are no patches yet (probably, their release can be expected only as part of the April Tuesday update), Microsoft engineers recommend taking the following steps:
- disable Preview Pane and Details Pane (preview and information panels) in Windows Explorer;
- disable WebClient service;
- rename ATMFD.DLL.