On Monday, Microsoft reported a critical security vulnerability that could potentially affect millions of Windows users. Note that the label “critical” is the highest severity rating that a threat could receive.
The security flaw exists in the Adobe Type Manager Library, which controls how the system renders and displays fonts.
According to Microsoft, the exploit involves tricking users into opening a document that contains hidden malicious content. Users don’t even have to click on the link, merely viewing the document in a preview screen could do the trick.
The advisory reads:
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
The report further suggests that all recent versions of Windows are vulnerable to the new security flaw. These include Windows 7, 8, and 10, as well as Windows Server.
At the moment, Microsoft has not fixed the flaw. This makes you wonder:
What Can You Do About the Critical Security Vulnerability
The tech giant recommends disabling the Preview and Details panes in Windows Explorer.
Other workarounds that Microsoft suggested include disabling WebClient service and the ATMFD.DLL file in the registry. Alternatively, you could rename the ATMFD.DLL to protect the program’s functionality.
With that said, the Windows maker preaches caution when making these changes.
For example, renaming the .DLL file could disrupt the functionality of some programs that rely on embedded fonts or OpenType fonts. Likewise, incorrect changes to the Windows registry exposes users to system crashes. And this may require a full Windows reinstallation.
The solutions are not perfect. For instance, disabling the WebClient service still leaves the possibility of running a malicious program on a target computer or network.
However, Microsoft points out that users will be prompted for confirmation before the program opens. That way, you can be aware of suspicious activities.
Meanwhile, the tech company is currently working on an update to fix the critical security vulnerability.
“Microsoft is aware of this vulnerability and working on a fix,” says the report.
“Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.”
Comments (0)
Least Recent