Daxdi now accepts payments with Bitcoin

Microsoft: Windows Flaw Lets Hackers Use Fonts to Create Booby-Trapped Documents

Hackers are exploiting a pair of previously unknown vulnerabilities in Windows that can be used to create booby-trapped documents that can help take over your computer, according to Microsoft. 

On Monday, Microsoft it's “aware of limited targeted attacks” abusing the two flaws — both of which remain unpatched.

Operating systems including Windows 10, Windows 8.1 and Windows 7, along with various Windows Server versions, are all affected. 

The company is refraining from disclosing details about the attacks, and how prolific they’ve been.

But in a security advisory Microsoft said: “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

The two vulnerabilities deal with the Windows Adobe Type Manager Library, which is used to parse and properly display Adobe-based fonts on a computer.

According to Microsoft, the library will mishandle a specially crafted multi-master font known as Adobe Type 1 PostScript format.

The error can trigger what's known as code execution, which a hacker can abuse to manipulate a PC to download and install additional malware. 

Microsoft is still working on a patch, which probably won’t arrive until April 14.

In the meantime, the company has come up with temporary solutions to mitigate the attack.

They include disabling the Preview Pane and Details Pane in Windows Explorer.

Another safeguard is renaming the Adobe Type Manager Font Driver file “ATMFD.dll.” 

Recommended by Our Editors

You can check out the advisory for the exact steps.

Microsoft also notes the Outlook Preview pane remains immune to the vulnerabilities.

To stay safe, we recommend not opening attachments in emails from untrusted senders. 

The bad news is that Microsoft isn’t releasing a patch for consumers on Windows 7, which the company ended support for in January.

Only Windows 7 enterprise users who purchased Extended Security Updates will receive a fix. 

Hackers are exploiting a pair of previously unknown vulnerabilities in Windows that can be used to create booby-trapped documents that can help take over your computer, according to Microsoft. 

On Monday, Microsoft it's “aware of limited targeted attacks” abusing the two flaws — both of which remain unpatched.

Operating systems including Windows 10, Windows 8.1 and Windows 7, along with various Windows Server versions, are all affected. 

The company is refraining from disclosing details about the attacks, and how prolific they’ve been.

But in a security advisory Microsoft said: “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

The two vulnerabilities deal with the Windows Adobe Type Manager Library, which is used to parse and properly display Adobe-based fonts on a computer.

According to Microsoft, the library will mishandle a specially crafted multi-master font known as Adobe Type 1 PostScript format.

The error can trigger what's known as code execution, which a hacker can abuse to manipulate a PC to download and install additional malware. 

Microsoft is still working on a patch, which probably won’t arrive until April 14.

In the meantime, the company has come up with temporary solutions to mitigate the attack.

They include disabling the Preview Pane and Details Pane in Windows Explorer.

Another safeguard is renaming the Adobe Type Manager Font Driver file “ATMFD.dll.” 

Recommended by Our Editors

You can check out the advisory for the exact steps.

Microsoft also notes the Outlook Preview pane remains immune to the vulnerabilities.

To stay safe, we recommend not opening attachments in emails from untrusted senders. 

The bad news is that Microsoft isn’t releasing a patch for consumers on Windows 7, which the company ended support for in January.

Only Windows 7 enterprise users who purchased Extended Security Updates will receive a fix. 

Daxdi

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue