Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability, (Mon, Mar 23rd)

Microsoft announced limited exploitation of a zeroday remote code execution vulnerability in the type 1 font parser.

There are two RCE vulnerabilities in Windows Adobe Type Manager Library on Windows system, when parsing Adobe Type 1 PostScript format. There are multiple attack vectors, like documents.

Microsoft is working on a patch.

Following mitigation actions can be taken:

  • Disable the Preview Pane and Details Pane in Windows Explorer

  • Disable the WebClient service

  • Rename ATMFD.DLL



Microsoft advisory ADV200006

Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

Posted in: SANS

Leave a Comment (0) ↓