Hackers are exploiting a zero-day vulnerability in the Windows OS to take over systems, Microsoft said in a security alert today.
The zero-day is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render PostScript Type 1 fonts inside Windows.
Microsoft says there are two remote code execution (RCE) vulnerabilities in this built-in library that allow attackers to run code on a user’s system and take actions on their behalf.
All currently supported versions of the Windows and Windows Server operating systems are vulnerable, according to Redmond’s security advisory. Windows 7, which is currently end-of-support, is also impacted.
“There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” the company said.
The company described the current attacks exploiting this bug as “limited” and “targeted.”
A patch is currently not available. Microsoft intimated that one might arrive during next month’s Patch Tuesday — currently scheduled for April 14.
In the meantime, Microsoft has published a series of mitigations that companies and home users can take if they believe they might be targeted with a Windows zero-day attack.
Mitigations include:
- Disabling the Preview Pane and Details Pane in Windows Explorer
- Disabling the WebClient service
- Renaming ATMFD.DLL
