Windows under attack: there is a flaw, but no patch yet. How to try to protect yourself
Microsoft has warned companies and users of a critical vulnerability in various versions of Windows which, unfortunately, is currently being exploited in targeted, albeit limited, attacks. While waiting for the patch, here's how to try to defend yourself.
A new "zero-day" vulnerability affects Windows 10 and beyond. Microsoft has stated in a bulletin that attackers are actively exploiting a flaw in the operating system, rated critical, to take control of the computers on which it is installed. A patch has not yet been released to fix the security bug, so all PCs are potential prey for what have been termed "limited" and "targeted" attacks.
The problem is related to the Adobe Type Manager library (ATMFD.DLL).
All currently supported versions of Windows and Windows Server are vulnerable; Windows 7, whose support ended in mid-January, is also affected. "There are several ways in which an attacker can exploit the flaw, such as convincing a user to open an ad hoc prepared document or view it in the Windows preview pane."
As noted above, a patch is not yet available, but it could arrive with next month's Patch Tuesday, currently scheduled for April 14th. It cannot be ruled out that the company will accelerate the pace: security fixes have been distributed outside the regular schedule several times. In the meantime, Microsoft has published a series of actions to mitigate the problem:
- Disable Preview Pane and Detail Pane in Windows Explorer (File Explorer).
- Disable the WebClient service.
- Rename ATMFD.DLL.
The first measure prevents Windows Explorer from automatically displaying OpenType fonts, which blocks certain types of attacks. Implementing it is simple: open File Explorer, click on the View tab, and deselect both the Preview Pane and the Detail Pane. Then click on Options (on the right of the screen), then on the Display tab, and under "Advanced Settings" select "Always show icons, never previews." Then close all open instances of File Explorer for the change to take effect.
Disabling the WebClient service blocks attack vectors that attackers usually use for remote exploitation. This does not close every door and could create some user-experience problems, with users having to confirm the opening of arbitrary programs from the Internet. Microsoft has stated that disabling WebClient prevents the transmission of "Web Distributed Authoring and Versioning" (WebDAV) requests, that all services that explicitly depend on WebClient will not start, and that error messages are logged in the system log.
Finally, renaming ATMFD.DLL (the library is not present in Windows 10 version 1709 and later) leads to display problems in applications that use embedded fonts and may prevent some apps from working if they use OpenType fonts.
In its bulletin, Microsoft also talks about acting on the registry, but it is a complex operation that could, if not done properly, force a complete reinstallation of Windows.
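A read-only way to check whether the WebClient and ATMFD.DLL workarounds described above are in place, as an added PowerShell example that is not part of the original article or of Microsoft's bulletin. The function names and the System32/SysWOW64 locations checked for the DLL are assumptions.

```powershell
# Added example: read-only audit of the WebClient and ATMFD.DLL workarounds.
# Requires PowerShell 3.0 or later. It changes nothing on the system.

function Test-WebClientWorkaround {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'WebClient'; Applied = $true; Detail = 'service not installed' }
    }
    # Services that explicitly depend on WebClient will not start once it is disabled,
    # so list them to see what else the workaround affects.
    $deps = (Get-Service -Name WebClient).DependentServices | ForEach-Object { $_.Name }
    [pscustomobject]@{
        Check   = 'WebClient'
        Applied = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
        Detail  = "StartMode=$($svc.StartMode) State=$($svc.State) Dependents=$($deps -join ',')"
    }
}

function Test-AtmfdWorkaround {
    # Assumption: where the library exists, it sits in System32 (and SysWOW64 on 64-bit systems).
    $dirs  = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:windir $_ }
    $found = $dirs | Where-Object { Test-Path -LiteralPath (Join-Path $_ 'atmfd.dll') }
    # Windows 10 version 1709 is build 16299; the article notes the DLL is absent from 1709 onward.
    $build = [Environment]::OSVersion.Version.Build
    $detail = if ($found) {
        "still present in: $($found -join ', ')"
    } elseif ($build -ge 16299) {
        "not found (expected on build $build)"
    } else {
        'not found (renamed or removed)'
    }
    [pscustomobject]@{ Check = 'ATMFD.DLL'; Applied = (-not $found); Detail = $detail }
}

# One row per workaround: whether it appears applied, and the evidence for that verdict.
@(Test-WebClientWorkaround; Test-AtmfdWorkaround) | Format-Table -AutoSize -Wrap
```

Run it from a 64-bit PowerShell session on 64-bit Windows, since a 32-bit session redirects System32 to SysWOW64 and would inspect the same directory twice.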