While the entire world is working through the pandemic, struggling with business continuity planning (BCP) and building out infrastructure to support remote-work policies, Microsoft has released a security advisory stating that two zero-days have been acknowledged by its security team.
Introduction
Yesterday morning Microsoft released its second security advisory, stating that the team is aware of two zero-days being exploited in limited, targeted attacks.
The weakness in the Adobe Type Manager font library allows attackers to take control of the system remotely through remote code execution.
There are multiple ways to exploit this vulnerability, for instance tricking a user into opening a specially crafted document or into viewing it in the Windows Preview Pane.
Phishing seems the most likely way to get such a document in front of users and trigger this vulnerability. However, there is no public exploit as of now, and the vulnerability has only been used in targeted attacks, which points to a state-sponsored actor going after specific governments and industries.
Remediation
Earlier I mentioned the good news; here is the bad news: Microsoft has not released an official patch to fix this vulnerability.
Microsoft says the team is still working on the patch. I expect it will be available in next month's patching cycle.
Microsoft has, however, published three workarounds to reduce the risk of exploitation:
- Disable the WebClient service
- Rename ATMFD.DLL
- Disable the Preview Pane and Details Pane in Windows Explorer
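The advisory linked under Reference gives the click-by-click and command-line steps for each workaround. What it does not give is a way to confirm afterwards that the workarounds actually took on a machine. The script below is an added example written for this post, not from Microsoft or the advisory: it audits the three workarounds and exits non-zero if any is missing, so it can be dropped into a scheduled task or endpoint-management check. It assumes an elevated PowerShell 5.1 session and, for the third workaround, uses the Explorer Group Policy values NoReadingPane (Preview Pane) and NoPreviewPane (Details Pane) as the checkable stand-in for the manual Explorer UI setting the advisory describes.

```powershell
# Added audit script (not from the advisory or Microsoft): reports whether the
# three workarounds listed above appear to be in place on this host.
# Assumptions: elevated PowerShell 5.1+; the Group Policy values
# NoReadingPane / NoPreviewPane stand in for "disable the Preview Pane and
# Details Pane", which the advisory describes as Explorer UI steps.

function Test-WebClientDisabled {
    # Workaround 1: the WebClient (WebDAV) service should be set to Disabled
    # and not currently running.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) { return $true }   # service not installed at all
    return ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
}

function Test-AtmfdRenamed {
    # Workaround 2: atmfd.dll should no longer exist under its original name.
    # Check both the native and the WOW64 system directories. On builds that
    # ship without atmfd.dll this correctly reports "nothing to rename".
    $paths = @("$env:windir\System32\atmfd.dll", "$env:windir\SysWOW64\atmfd.dll")
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { return $false }
    }
    return $true
}

function Test-ExplorerPanesDisabled {
    # Workaround 3 (assumption, see header): policy values that hide the panes.
    # NoReadingPane = 1 turns off the Preview Pane; NoPreviewPane = 1 turns off
    # the Details Pane. Either the user or the machine policy hive counts.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    $preview = $false
    $details = $false
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $v = Get-ItemProperty -LiteralPath $k -ErrorAction SilentlyContinue
        if ($v.NoReadingPane -eq 1) { $preview = $true }
        if ($v.NoPreviewPane -eq 1) { $details = $true }
    }
    return ($preview -and $details)
}

$results = @(
    [pscustomobject]@{ Workaround = 'WebClient service disabled'; InPlace = Test-WebClientDisabled }
    [pscustomobject]@{ Workaround = 'ATMFD.DLL renamed';          InPlace = Test-AtmfdRenamed }
    [pscustomobject]@{ Workaround = 'Preview/Details panes off';  InPlace = Test-ExplorerPanesDisabled }
)
$results | Format-Table -AutoSize

# Non-zero exit code so a scheduled task or endpoint-management tool can alert.
if ($results.InPlace -contains $false) { exit 1 } else { exit 0 }
```

Run it from an elevated prompt on each host after applying the workarounds. The second check deliberately reports success when atmfd.dll is absent altogether, because a host without the library is not exposed through this path; the third check only knows about the policy values, so a machine where the panes were hidden by hand in Explorer will still show as missing that workaround until the policy is set.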
Conclusion
This is the second zero-day published by Microsoft in 2020, and more will come in the coming months. The only way to protect the organization from this vulnerability right now is to apply the workarounds mentioned in the advisory and to closely monitor any development around it.
Updates
24th March 2020
Microsoft released another advisory noting limited targeted exploitation of this vulnerability on the Windows 7, Windows Server 2008 and Windows Server 2012 operating systems.
Microsoft also stated that it has seen no targeted attacks against the Windows 10, Windows Server 2016 and Windows Server 2019 operating systems.
Reference
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006#ID0EMGAC