Microsoft reports new zero-day vulnerability in Windows that is being actively exploited

onetheycallEric

Posts: 225   +47
Staff
In brief: A previously undisclosed and yet to be patched critical security vulnerability is being exploited in the wild, affecting all recent versions of Windows (7/8/10) and Windows Server. Microsoft is working on a fix, but until then, it's probably best to heed Microsoft's workarounds to mitigate chances of exploitation.

Microsoft posted a new security advisory today (ADV200006), detailing what it's calling "Type 1 Font Parsing Remote Code Execution Vulnerability." They have given the vulnerability a "critical" severity rating, which is the highest severity rating Microsoft gives.

The flaw seems to stem from the Adobe Type Manager Library and deals with how Windows handles fonts. "Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format," says Microsoft.

Microsoft states there are multiple ways to leverage the flaw. One way is through tricking users into opening a especially crafted and malicious document. In fact, the document doesn't even need to opened properly; simply viewing it in the preview pane will apparently work just the same. Once opened or previewed, an attacker gains the ability for remote code execution.

Currently, there are "limited targeted attacks" that Microsoft is aware of. The company is already working on a fix, but in the meantime you can mitigate the flaw. Microsoft recommends disabling the preview pane and disabling the WebClient service. Check out the security advisory for instructions for specific Windows versions.

Patches are typically released on Patch Tuesday (the second Tuesday of the month), but Microsoft does release emergency patches outside of that schedule for critical flaws. This could be one of those cases.

Permalink to story.

 
Why not add what causes this zero-day vulnerability in Windows to be actively exploited? click on a web site? open an email? does it just come through the air?
It's in the 3rd paragraph of the news article:

"Microsoft states there are multiple ways to leverage the flaw. One way is through tricking users into opening a especially crafted and malicious document. In fact, the document doesn't even need to opened properly; simply viewing it in the preview pane will apparently work just the same. Once opened or previewed, an attacker gains the ability for remote code execution."
 
It's in the 3rd paragraph of the news article:

"Microsoft states there are multiple ways to leverage the flaw. One way is through tricking users into opening a especially crafted and malicious document. In fact, the document doesn't even need to opened properly; simply viewing it in the preview pane will apparently work just the same. Once opened or previewed, an attacker gains the ability for remote code execution."
Thanks, I have to learn to read slowly....
 
This is what happens when you allow executable code in data. Any programmer, project manager and company allowing code and data to be freely mixed and auto-executed should be accused of terrorism. Be it scripts in spreadsheet and presentations, or executables in fonts, or code that allows images/audio/movies to be treated as executables, there should be no excuses.

The standard excuse "it was just a bug" shouldn't pass. The programmer/project manager should be tested for 2 months of constant police interrogation and polygraph testing, until the subject breaks and stops lying, or the police concludes he's not lying. I don't buy those "it was just an oversight" excuses.
 
Back