Security News > 2020 > March > Micropatches block exploitation of Windows zero-days under attack
While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in "Limited targeted Windows 7 based attacks," ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.
In a blog post published on Thursday, ACROS Security CEO Mitja Kolsek explained which attack vectors can be used to exploit the vulnerabilities and why Windows 10 users are at a lower risk of attack.
"So we decided to find the common execution point that various Windows applications such as Windows Explorer, Font Viewer, and applications using Windows-integrated font support are using to pass a font to Windows, then place a bouncer there that would keep Adobe Type 1 PostScript fonts out."
Also for the time being, micropatches are only available for fully updated Windows 7 64-bit and Windows Server 2008 R2 without Extended Security Updates.
They will continue porting it to other affected Windows versions but not Windows 10 and newer Windows Server versions because the exploitation risk is lower on those.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/89Zl-1u-g4o/
Related news
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- Novel attack on Windows spotted in phishing campaign run from and targeting China (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)