Technology giant Microsoft announced in its security alert that there is a vulnerability in all currently supported Windows versions. The vulnerability currently has no solution.
US-based technology giant Microsoft announced in its security alert that hackers are using one of the ‘zero-day vulnerabilities’ in the Windows operating system to take over the system.
This zero-day vulnerability is located in the Adobe Type Manager Library (atmfd.dll), a library that Microsoft uses to render the PostScript Type 1 font in Windows.
The technology giant announced that there are two ‘Remote Code Application’ (RCE) vulnerabilities in its internal library. These vulnerabilities in the system allow attackers to run code on the user’s system and use it for their own benefit. In a statement, Microsoft said that all supported Windows and Windows Server operating system versions are vulnerable. In addition, Windows 7, which the company has stopped supporting, is among the operating systems affected by this vulnerability.
The company explained how it could be attacked with this vulnerability in Windows: “There are many ways an attacker can exploit the vulnerability. These; persuading a user to open a specially crafted file or viewing it in the Windows Preview section. ”
There is currently no patch to address this vulnerability. The company said this vulnerability could be addressed with an update to be released on April 14. Microsoft has listed some measures for companies and users who think it was targeted for this type of attack. These measures are as follows:
Disable the Preview Pane and Details Pane in Windows Explorer.
Disabling the WebClient service.
Rename the ATFMD.DLL file.