Microsoft has just make public that has detected that it is exploiting a vulnerability zero-day (that is to say, that has just been discovered and not yet with patch) that affects the latest versions of Windows starting with Windows 7including the versions Server.
This vulnerability is linked to the file atmfd.dllthe library of Adobe Type Manager which allows Windows systems to render the fonts PostScript. For that the attacker can exploit the vulnerability, it is necessary for the user to open any file is specifically designed to run code in remote (or viewing in the preview pane of the Browser).
Users of Windows 10 does not yet have a patch (and most of the Windows 7 ever will)
The problem faced by Windows users is that it seems that it is not expected that Microsoft will publish in the next few days, no patch until the launch of the next security update, the Patch Tuesday already scheduled for next April 14.
But the problem is even greater for users of Windows 7 and Windows 2008 Servertwo operating systems lacking because of official support by Microsoft. The company will send the patch to those who have contracted the ESU (security updates extended), but has already warned that does not plan to make more exceptions for the rest of the users.
And what we can do in the meantime, to mitigate potential attacks? Then take 3 steps very simple:
- Turn off the details pane and the preview in the Windows Explorer.
- Disable the WebClient service.
- Rename the file atmfd.dll.
Disney+ discounted 69,99 € 59,99 euros for a year: limited offer until 23 march
it was originally published in
Engadget
by
Marcos Merino
.
