Severity
High
Analysis Summary
Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library (atmfd.dll) improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerabilities, such as convincing a user to open a specially crafted document or to view it in the Windows Preview pane. Potential attack vectors include Microsoft Word, OpenOffice, LibreOffice, and old versions of browsers.
Impact
- Code execution
- Unauthorized access
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 10
- Microsoft Windows 8.1
- Microsoft Windows 7
- Windows RT 8.1
- Microsoft Windows Server 2008
- Windows Server 2008 R2
- Microsoft Windows Server 2012
- Windows Server 2012 R2
- Windows 2016
- Microsoft Windows Server 2019
- Windows Server version 1803
- Windows Server version 1903
- Windows Server version 1909
Remediation
A patch will most likely arrive on the April Patch Tuesday. In the meantime, Microsoft has released the following mitigations/workarounds:
- Disable the Preview Pane and Details Pane in Windows Explorer.
- Disable the WebClient service.
- Rename ATMFD.DLL.
Microsoft explains how to apply each workaround, and the impact of each, in its advisory at the link below.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
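
To confirm on a host that the WebClient and ATMFD.DLL workarounds listed above are in place, a read-only check such as the following can be used. It is an added example, not code from Rewterz or Microsoft; the function name `Get-AtmfdWorkaroundStatus` is hypothetical and the default library paths are assumed to be the standard system directories. The Preview Pane and Details Pane settings are per-user Explorer settings and are not checked here.

```powershell
# Added example: reports the state of two of the listed workarounds on the local host.
# Read-only; it changes nothing. Run from a 64-bit PowerShell session so that
# System32 is not redirected to SysWOW64.
function Get-AtmfdWorkaroundStatus {
    [CmdletBinding()]
    param(
        # Assumption: the library lives in the standard system directories.
        [string[]]$LibraryPaths = @(
            (Join-Path $env:windir 'System32\atmfd.dll'),
            (Join-Path $env:windir 'SysWOW64\atmfd.dll')
        )
    )

    # WebClient counts as mitigated when the service is absent, or disabled and not running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" `
        -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $webClientState = 'NotInstalled'
        $webClientOk    = $true
    } else {
        $webClientState = '{0}/{1}' -f $svc.StartMode, $svc.State
        $webClientOk    = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    }

    # ATMFD.DLL counts as mitigated when no copy remains under its original name
    # (renamed, or not present on this build).
    $present = @($LibraryPaths | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientService   = $webClientState
        WebClientMitigated = $webClientOk
        AtmfdPresentAt     = $present -join ';'
        AtmfdMitigated     = ($present.Count -eq 0)
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```

A service that is disabled but still running is reported as not mitigated, because the disabled start mode only takes effect once the service has stopped.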