Security News > 2020 > March > Micropatches block exploitation of Windows zero-days under attack
While we wait for Microsoft to provide fixes for the two new Windows RCE zero-days that are being exploited in "Limited targeted Windows 7 based attacks," ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.
In a blog post published on Thursday, ACROS Security CEO Mitja Kolsek explained which attack vectors can be used to exploit the vulnerabilities and why Windows 10 users are at a lower risk of attack.
"So we decided to find the common execution point that various Windows applications such as Windows Explorer, Font Viewer, and applications using Windows-integrated font support are using to pass a font to Windows, then place a bouncer there that would keep Adobe Type 1 PostScript fonts out."
Also for the time being, micropatches are only available for fully updated Windows 7 64-bit and Windows Server 2008 R2 without Extended Security Updates.
They will continue porting it to other affected Windows versions but not Windows 10 and newer Windows Server versions because the exploitation risk is lower on those.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/89Zl-1u-g4o/
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)