Announcement

Collapse
No announcement yet.

Windows code-execution zeroday is under active exploit, Microsoft warns

Collapse
X
Collapse
  •  

  • Windows code-execution zeroday is under active exploit, Microsoft warns


     




    Quote





    The font-parsing remote code-execution vulnerability is being used in “limited targeted attacks,” the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library, a Windows DLL file that a wide variety of apps use to manage and render fonts available from Adobe Systems. The vulnerability consists of two code-execution flaws that can be triggered by the improper handling of maliciously crafted master fonts in the Adobe Type 1 Postscript format. Attackers can exploit them by convincing a target to open a booby-trapped document or viewing it in the Windows preview pane...



     




    Until a patch becomes available, Microsoft is suggesting users use one or more of the following work-arounds:
    • Disabling the Preview Pane and Details Pane in Windows Explorer
    • Disabling the WebClient service
    • Rename ATMFD.DLL







    ...While Windows users at large may not be targeted initially, new campaigns sometimes sweep larger and larger numbers of targets once awareness of the underlying vulnerabilities becomes wider spread. At a minimum, all Windows users should monitor this advisory, be on the lookout for suspicious requests to view untrusted documents, and install a patch once it becomes available. Windows users may also want to follow one or more of the workarounds, but only after considering the potential risks and benefits of doing so.

     






    Source



    While this is bad. It is good to see there are at least some kinds of mitigations. We are never going to be free of exploits but at the end of the day, this zeroday is bad, but it doesn't appear to be apocalyptic. Hopefully Microsoft will have a patch soon. Either way, it is being actively exploited so if you are worried check the article for mitigations. 

     




    More...
      Posting comments is disabled.

    Categories

    Collapse

    Article Tags

    Collapse

    Latest Articles

    Collapse

    • Once labelled a mental disorder, WHO now recommends playing games amid coronavirus outbreak
      by Dudicrous
      WHO have put together a #PlayApartTogether campaign which encourages self-isolation, social distancing, and of course, gaming. To push this campaign WHO has enlisted the help of the CEO of Activision Blizzard and the CEO of Riot Games

       




      Quote





      First, eat a health and nutritious diet, which helps your immune system to function properly. 




      Second, limit your alcohol
      ...
      03-31-2020, 04:00 AM
    • First step to self-awareness - Google AI designs its own chip
      by Dudicrous





      Google's own Artificial intelligence has managed to create it's own Tensor processor after less than a day of training.




      Quote





      Ideally you want a chip that’s optimized to do today’s AI, not the AI of two to five years ago. Google’s solution: have an AI design the AI chip. “We believe that it is AI itself that will provide the means to shorten the chip design cycle, creating
      ...
      03-30-2020, 06:16 AM
    • Virus or not, hand in your homework - Github launchers teaching tools for schools
      by Dudicrous
      Github's teaching tools are now globally available, allowing schools to manage computing students easier.




      Quote





      GitHub  today announced new features for GitHub Classroom, its collection of tools for helping computer science teachers assign and evaluate coding exercises, as well as a new set of free tools for teachers. The first of these is autograding, which does exactly what the name promises. Teachers can now
      ...
      03-30-2020, 04:50 AM
    • China & Huawei propose reinvention of the internet
      by Dudicrous
      Summary:

      Huawei, along with the state-run companies China Unicom and China Telecom, and China's Ministry of Industry and Information Technology, together proposed a new standard for networking technology, called "New IP", at the UN's International Telecommunication Union. The proposal claims to enable cutting-edge technologies, but has caused concern among western countries, such as the UK, Sweden, and the US, who believe that the system would give state-run ISPs granular...
      03-30-2020, 04:47 AM
    • A different kind of Processor Exploit - AMD an XBox Source Code Stolen
      by Dudicrous
      Sources:

      AMD Press Release




      Tom's Hardware (Quote Source)




      TheNextWeb




       




      Summary:

      The source code for the next few AMD GPUs (including the upcoming XBox GPU) have been leaked and hackers are demanding $100,000,000 for a copy




       




      Media:



      ...
      03-28-2020, 05:26 AM
    • Time to SET It down - distributed computer project ends after 21 years
      by Dudicrous
      While everyone is focused running folding @home, another computing project has finally ended after years of running.




      Quote





      SETI@home has announced that they will no longer be distributing new work to clients starting on March 31st as they have enough data and want to focus on completing their back-end analysis of the data.




      SETI@home is a distributed computing project where
      ...
      03-27-2020, 06:31 PM
    Working...
    X