The Flaw and Workarounds

Adobe Type Manager Library (atmfd.dll) is used by Microsoft and third-party apps for rendering PostScript Type 1 fonts. The vulnerability arises when this library (DLL) improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. Microsoft says attackers are exploiting it as a zero-day vulnerability to perform remote code execution (RCE) attacks. This is not Adobe's mistake, as the DLL ships with the Windows OS by default; checking its integrity is therefore Microsoft's concern.

The firm says the attacks so far are limited and targeted, against vulnerable systems. These include most Windows 10, Windows 7 and Windows Server PCs. To exploit the flaw, an attacker sends a malicious file as a specially crafted document, which needs to be opened or viewed in the preview pane. This allows the malicious code to execute and take over the PC, with the attacker gaining internal access and performing admin activities on behalf of the user.

While this is already being exploited in the wild, Microsoft says it is working on a patch that could be released in its next monthly Patch Tuesday update, scheduled for April 14th, 2020. Until then, here is what Microsoft suggests as workarounds:

Disabling the WebClient service; disabling the Preview Pane and Details Pane in Windows Explorer; or renaming ATMFD.DLL.

Source: Microsoft
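
An added example, not from Microsoft or the original article: a read-only PowerShell check for two of the workarounds above (the WebClient service state, and whether ATMFD.DLL is still present under its original name). The function name, the System32/SysWOW64 locations and a 64-bit PowerShell 3.0+ session are assumptions; the Preview Pane and Details Pane settings are per-user Explorer options and are not checked here.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumptions: PowerShell 3.0 or later, run from a 64-bit session so that
# System32 is not redirected; Get-AtmfdWorkaroundStatus is a hypothetical name.
function Get-AtmfdWorkaroundStatus {
    [CmdletBinding()]
    param()

    # Workaround 1: WebClient service disabled.
    # Win32_Service reports StartMode (Auto/Manual/Disabled) and State (Running/Stopped/...).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" `
                           -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $webClient = 'NotInstalled'
    } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
        $webClient = 'Disabled'
    } else {
        $webClient = "Active (StartMode=$($svc.StartMode), State=$($svc.State))"
    }

    # Workaround 3: ATMFD.DLL renamed.
    # The file counts as still in place if it exists under its original name
    # in either assumed system directory.
    $candidates = foreach ($dir in 'System32', 'SysWOW64') {
        Join-Path -Path $env:windir -ChildPath (Join-Path $dir 'atmfd.dll')
    }
    $present = @($candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

    # One object per host so results can be collected and exported centrally.
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        WebClient      = $webClient
        AtmfdInPlace   = ($present.Count -gt 0)
        AtmfdLocations = ($present -join '; ')
    }
}

Get-AtmfdWorkaroundStatus | Format-List
```

A host where `WebClient` reports `Active` and `AtmfdInPlace` is `True` has neither of these two workarounds applied.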
