Technology 2 min read

Microsoft Reports Critical Security Vulnerability in Windows

Sundry Photography / Shutterstock.com

Sundry Photography / Shutterstock.com

On Monday, Microsoft reported a critical security vulnerability in Windows's Adobe Type Manager Library that could potentially affect millions of users.

On Monday, Microsoft reported a critical security vulnerability that could potentially affect millions of Windows users. Note that the label “critical” is the highest severity rating that a threat could receive.

The security flaw exists in the Adobe Type Manager Library, which controls how the system renders and displays fonts.

According to Microsoft, the exploit involves tricking users into opening a document that contains hidden malicious content. Users don’t even have to click on the link, merely viewing the document in a preview screen could do the trick.

The advisory reads:

“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

The report further suggests that all recent versions of Windows are vulnerable to the new security flaw. These include Windows 7, 8, and 10, as well as Windows Server.

At the moment, Microsoft has not fixed the flaw. This makes you wonder:

What Can You Do About the Critical Security Vulnerability

The tech giant recommends disabling the Preview and Details panes in Windows Explorer.

Other workarounds that Microsoft suggested include disabling WebClient service and the ATMFD.DLL file in the registry. Alternatively, you could rename the ATMFD.DLL to protect the program’s functionality.

With that said, the Windows maker preaches caution when making these changes.

For example, renaming the .DLL file could disrupt the functionality of some programs that rely on embedded fonts or OpenType fonts. Likewise, incorrect changes to the Windows registry exposes users to system crashes. And this may require a full Windows reinstallation.

The solutions are not perfect. For instance, disabling the WebClient service still leaves the possibility of running a malicious program on a target computer or network.

However, Microsoft points out that users will be prompted for confirmation before the program opens. That way, you can be aware of suspicious activities.

Meanwhile, the tech company is currently working on an update to fix the critical security vulnerability.

Microsoft is aware of this vulnerability and working on a fix,” says the report.

“Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.”

Read More: NSA Discovers Major Security flaw in Microsoft’s Windows 10

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.


Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
You
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.