acm-header
Sign In

Communications of the ACM

Home/News/Windows Code-Execution Zero-day Is Under Active Exploit.../Full Text
ACM TechNews

Windows Code-Execution Zero-day Is Under Active Exploit, Microsoft Warns

By Ars Technica
March 25, 2020
Comments
View as: Print Mobile App Share:
Windows 10 wallpaper.

Microsoft warns that a Windows zero-day vulnerability is being exploited to execute malicious code on fully updated systems.

Credit: Microsoft

Microsoft has issued a warning that a Windows zero-day vulnerability is being exploited in "limited targeted attacks" to execute malicious code on fully updated systems.

The font-parsing remote code-execution vulnerability exists in the Adobe Type Manager Library, which numerous apps use to manage and render fonts available from Adobe Systems.

The two code-execution flaws can be exploited by convincing a target to open or view a booby-trapped document in the Windows preview pane.

Said Microsoft in an advisory, "For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Until a patch is made available, Microsoft recommends disabling the Preview Pane and Details Pane in Windows Explorer, disabling the WebClient service, or renaming ATMFD.DLL or disabling the file from the registry.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account