Microsoft Alerts Users About Critical Font-related Remote Code Execution Vulnerability in Windows
Because it can be used for RCE, Microsoft rated the severity of this vulnerability as critical, although the company described the attacks that could exploit it as limited and targeted. All currently supported versions of Windows are affected.
Earlier this month, Microsoft found and patched an RCE flaw in its Server Message Block (SMBv3) protocol.
- Disable the Preview Pane and Details Pane in Windows Explorer. This prevents the automatic display of OpenType fonts (OTFs) in Windows Explorer and the viewing of malicious files. However, it doesn’t stop local, authenticated users from running specially crafted programs that exploit the vulnerability.
- Disable the WebClient service. This blocks remote attacks coursed through the Web Distributed Authoring and Versioning (WebDAV) client service. After the application of this workaround, remote attackers can still run programs on a user’ computers or local area network (LAN). But this time, a confirmation will be requested from the user before launching arbitrary programs from the internet.
- Rename atmfd.dll through an administrative command prompt. This is not available for Windows 10 version 1709 and subsequent versions.
Trend Micro users and customers are protected from the exploitation of this vulnerability with the following rule:
Trend Micro Solutions
- Deep Security and Vulnerability Protection Rule 1010207 - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities
- TippingPoint Filter 37431: HTTP: Microsoft Windows Type 1 PostScript Parsing Memory Corruption Vulnerability
Updated on March 24, 2020 09:00 PM EST to include Trend Micro solutions.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.