There are a couple of Windows Zero-day vulnerabilities that are yet unpatched, with exploits being seen in the wild with some targeted attacks.
This affects all supported versions of windows including all versions of windows server. The patch is due April 14th.
Both vulnerabilities reside in the Windows Adobe Type Manager Library, a font parsing software that is used not only by 3rd party software but also by windows explorer to display the content of a file in the preview pane or details pane without users having to open it. Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
The flaw can lead to attackers being able to run malicious code on your machine either by convincing someone to open an infected document, or just viewing it in the windows preview pane.
This makes it vitally important that you do not open documents from anyone you do not know, or from untrusted outside sources. This includes places like Facebook, linked-in, news sites, etc. There are bad actors posting COVID-19 related PDFs that look legit and trying hard to make them appealing to the panicked public. Good security awareness is going to be key for this one while we wait on a patch.
He’s a workaround for this issue
- Open Windows Explorer, click the View tab.
- Clear both the Details pane and Preview pane menu options. (not on by default)
- Click Options, and then click Change folder and search options.
- Click the View tab.
- Under Advanced settings, check the Always show icons, never thumbnails box.
- Close all open instances of Windows Explorer for the change to take effect.
Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706
