Yet another zero-day from Microsoft

While the entire world is going through the pandemic, struggling with business continuity planning and building and expanding infrastructure to support remote-work policies, Microsoft has released a security advisory stating that two zero-days have been acknowledged by its security team.

Introduction

Yesterday morning Microsoft released its second security advisory of this kind, stating that the team is aware of two zero-days being exploited in limited targeted attacks.

The weakness in the Adobe font manager library allows attackers to take control of the system remotely through remote code execution.

There are multiple ways to exploit this vulnerability, for instance tricking users into opening a specially crafted Word document, or getting them to view such a file in the Windows Preview Pane.

It seems phishing would be the most likely method used to trick users and exploit this vulnerability. However, there is no public exploit available as of now, and the vulnerability was exploited only in targeted attacks, which means it is a state-sponsored attack against specific governments and industries.

Remediation

The bad news is that Microsoft has not released an official patch to mitigate this vulnerability.

Microsoft said the team is still working on the patch. I feel it would be available in next month's patching cycle.

Microsoft has, however, published three workarounds to mitigate the risk of exploitation:

  1. Disable the WebClient service
  2. Rename ATMFD.DLL
  3. Disable the Preview Pane and Details Pane in Windows Explorer
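The three workarounds above are the ones the advisory lists, and on a fleet you want to know which machines actually have them in place. The following audit script is an added example, not code from the advisory or from the original post; it assumes the standard %windir%\System32 and SysWOW64 locations for ATMFD.DLL and the Explorer "Advanced" registry value name for preview handlers, both of which should be confirmed against the advisory for the build in use.

```powershell
# Audit the three ADV200006 workarounds on the local machine and report their state.
# Added example; paths and the ShowPreviewHandlers value name are assumptions to verify.
function Get-Adv200006WorkaroundStatus {
    [CmdletBinding()]
    param()

    # 1. WebClient service: workaround is to stop it and set the start mode to Disabled.
    #    Win32_Service is used so the check also works on older Windows 7 / 2008 hosts.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $webClientDisabled = $true        # service not installed, nothing to disable
    } else {
        $webClientDisabled = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    }

    # 2. ATMFD.DLL: workaround renames the library so Windows can no longer load it.
    #    64-bit systems carry a second copy under SysWOW64 (assumed standard paths).
    $dllPaths = @("$env:windir\System32\atmfd.dll", "$env:windir\SysWOW64\atmfd.dll")
    $atmfdPresent = @($dllPaths | Where-Object { Test-Path -LiteralPath $_ })
    $atmfdRenamed = ($atmfdPresent.Count -eq 0)

    # 3. Explorer Preview Pane for the current user: ShowPreviewHandlers = 0 turns
    #    preview handlers off (assumed value name; confirm against the advisory).
    $advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $props  = Get-ItemProperty -Path $advKey -ErrorAction SilentlyContinue
    $previewDisabled = ($null -ne $props) -and ($props.ShowPreviewHandlers -eq 0)

    [PSCustomObject]@{
        ComputerName          = $env:COMPUTERNAME
        WebClientDisabled     = $webClientDisabled
        AtmfdRenamed          = $atmfdRenamed
        AtmfdStillPresentAt   = $atmfdPresent
        PreviewPaneDisabled   = $previewDisabled
        AllWorkaroundsApplied = $webClientDisabled -and $atmfdRenamed -and $previewDisabled
    }
}

# Usage: run in an elevated prompt; pipe the object to Export-Csv to collect results fleet-wide.
Get-Adv200006WorkaroundStatus | Format-List
```

The registry check only covers the current user's profile, so for a shared machine run it in each user's context or query the corresponding HKEY_USERS hives.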

Conclusion

This is the second zero-day published by Microsoft in 2020, and more will surely come in the coming months. The only way to protect the organization from this vulnerability for now is to apply the workarounds mentioned in the advisory and, in addition, closely monitor any developments around it.

Updates

24th March 2020

Microsoft released another advisory stating that it has observed limited targeted exploitation of this vulnerability on Windows 7, Windows Server 2008 and Windows Server 2012 operating systems.

Microsoft also stated that it has seen no targeted attacks against Windows 10, Windows Server 2016 and Windows Server 2019 operating systems.

Reference

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006#ID0EMGAC
