As the entire world goes through the pandemic, struggling with BPC and building and expanding infrastructure to support remote work policies, Microsoft released a security advisory stating that two zero-days have been acknowledged by its security team.
Yesterday morning Microsoft released its second security advisory, stating that the team is aware of the two zero-days being exploited in limited targeted attacks.
The weakness is in the Adobe font manager library and allows an attacker to take control of the system remotely in a remote code execution attack.
There are multiple ways to exploit this vulnerability, such as tricking a user into opening a specially crafted work document or forcing users to open the Windows pane.
Phishing appears to be the most likely method for tricking a user and exploiting this vulnerability.
The good news is that there is no public exploit as of now and this vulnerability was exploited in targeted attacks, which means it is a state-sponsored attack against specific governments and industries.
Earlier I mentioned the good news; now here is the bad news. There is no official patch released by Microsoft to mitigate this vulnerability.
Microsoft said the team is still working on the patch, which might take some time to release. I feel it would be available in next month's patching cycle.
Microsoft has, though, published three workarounds to mitigate the risk of being exploited.
- Disable the WebClient service
- Rename ATMFD.DLL
- Disable the Preview Pane and Details Pane in Windows Explorer
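
A read-only audit of the first two workarounds, as an added example that is not from Microsoft's advisory or the original post. It assumes Windows PowerShell and that ATMFD.DLL is looked for under `%windir%\System32` and `%windir%\SysWOW64` (locations assumed here, not given above); the Preview Pane and Details Pane settings are per-user Explorer options and are not checked.

```powershell
# Added example: reports workaround status only, changes nothing on the host.
# Function names are hypothetical; run from a 64-bit Windows PowerShell session.

function Test-WebClientDisabled {
    # Win32_Service.StartMode is 'Auto', 'Manual' or 'Disabled'.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        $ok = $true
        $detail = 'service not installed'
    } else {
        # Disabled but still running means the workaround is not yet effective.
        $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        $detail = "StartMode=$($svc.StartMode), State=$($svc.State)"
    }
    New-Object psobject -Property @{
        Check = 'WebClient service'; Mitigated = $ok; Detail = $detail
    }
}

function Test-AtmfdRenamed {
    # Assumed locations of the library (not stated in the post).
    $dirs = @("$env:windir\System32")
    if (Test-Path -LiteralPath "$env:windir\SysWOW64") {
        $dirs += "$env:windir\SysWOW64"
    }
    foreach ($dir in $dirs) {
        $path = Join-Path $dir 'atmfd.dll'
        $present = Test-Path -LiteralPath $path
        $detail = if ($present) { "still present: $path" }
                  else { 'no file with the original name' }
        New-Object psobject -Property @{
            Check = "ATMFD.DLL in $dir"; Mitigated = (-not $present); Detail = $detail
        }
    }
}

$results = @(Test-WebClientDisabled) + @(Test-AtmfdRenamed)
$results | Format-Table Check, Mitigated, Detail -AutoSize

# Non-zero exit code lets a management tool flag hosts that still need a workaround.
if ($results | Where-Object { -not $_.Mitigated }) { exit 1 }
```
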
This is the second zero-day published by Microsoft in 2020, and more will come in the next months. The only way to protect an organization from this vulnerability is to apply the workarounds recommended by Microsoft and closely monitor any developments around this vulnerability.
24th March 2020
Microsoft released another advisory in which it noted limited targeted exploitation of this vulnerability on the Windows 7, Windows Server 2008 and Windows Server 2012 operating systems.
Microsoft also acknowledged that there is no targeted attack against the Windows 10, Windows Server 2016 and Windows Server 2019 operating systems.