Security News > 2020 > March > It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
Hackers are commandeering victims' Windows PCs by exploiting at least one remote-code-execution flaw in the Adobe Type Manager Library included with the Microsoft operating system.
Redmond today warned of two flaws, not yet assigned CVE numbers, present in the font parser - and at least one has been exploited in a "Limited number of attacks" to hijack vulnerable computers.
The only way to prevent trivial automatic exploitation is to disable the preview and details panes in Windows Explorer, though that will not kill off the bugs entirely unless you disable the library.
When the victim's PC tries to view the file, either in an application or in a preview pane, the operating system passes the embedded font, in Adobe Type 1 PostScript format, to the Adobe Type Manager Library, which mishandles the corrupt data and causes arbitrary code smuggled within the font to execute.
One mitigation is to disable the Windows Explorer Preview Pane and Details Pane.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/23/microsoft_issues_red_alert/
Related news
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)
- Don't delete that mystery empty folder. Windows put it there as a security fix (source)
- Windows "inetpub" security fix can be abused to block future updates (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- M365 apps on Windows 10 to get security fixes into 2028 (source)
- Go ahead and ignore Patch Tuesday – it might improve your security (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Microsoft ships emergency patch to fix Windows 11 startup failures (source)
- Microsoft patches the patch that put Windows 11 in a coma (source)
- HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass (source)