Sign In

Communications of the ACM

ACM TechNews

Windows Code-Execution Zero-day Is Under Active Exploit, Microsoft Warns


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Windows 10 wallpaper.

Microsoft warns that a Windows zero-day vulnerability is being exploited to execute malicious code on fully updated systems.

Credit: Microsoft

Microsoft has issued a warning that a Windows zero-day vulnerability is being exploited in "limited targeted attacks" to execute malicious code on fully updated systems.

The font-parsing remote code-execution vulnerability exists in the Adobe Type Manager Library, which numerous apps use to manage and render fonts available from Adobe Systems.

The two code-execution flaws can be exploited by convincing a target to open or view a booby-trapped document in the Windows preview pane.

Said Microsoft in an advisory, "For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Until a patch is made available, Microsoft recommends disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service, or renaming ATMFD.DLL or disabling the file from the registry.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found