A security flaw in a font-processing component is present in all versions of Windows and, according to Microsoft, is already being used in targeted attacks. The flaw, which remains unpatched, lets an attacker take remote control of the computer and perform actions on it, provided the attacker can get the targeted user to open a compromised text file.
The problem, which resides in a DLL file, had not been disclosed previously, which partly explains why it has not yet received a fix. The flaw is in the so-called Adobe Type Manager Library, or atmfd.dll, which, despite its name, is Microsoft's responsibility and is used to render some types of fonts in the operating system. According to the company, the flaw is considered critical and has received the highest rating on the scale of Windows security problems, which also means that developers will prioritize fixing it.
According to the company, it is enough for a compromised document to be viewed, even if only through the Windows Preview feature, for an attacker to be able to run malware on the victim’s computer and control it remotely, stealing data or performing actions with it. The possible uses are varied, from denial-of-service attacks to data hijacking, but Microsoft has not given further details about the attacks that are under way, limiting itself to saying that they are aimed at certain targets and are “limited”.
Despite the apparent seriousness of the problem, the company said that development of a fix is following its normal course. This means that, following the usual update schedule, Windows 10 users should receive an update on April 14, on the so-called “Patch Tuesday”. It is usually on this day of the week that Microsoft releases new features, patches and other updates for the operating system.
However, it should be noted that the flaw also appears in other versions of the platform, most of which will not receive fixes. Only corporate users of Windows 7, for example, should get the update, and only if they are paying for Microsoft’s extended support services, a measure the company offers to protect those who need more time to upgrade their IT infrastructure.
Until then, or for those who will remain without a fix for the flaw, the recommendation is to disable text document previews in Windows Explorer or rename the DLL file so that it cannot be accessed, in addition to disabling the WebClient service, either from the command prompt or by searching the operating system for “services.msc”.
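The two workarounds above that can be checked from a script, the WebClient service and the presence of the library file, can be audited as in the following PowerShell sketch. It is an added example, not Microsoft's own tooling: the function names are hypothetical, the folders searched for atmfd.dll are an assumption (the article gives only the file name), and the Explorer preview setting is not checked.

```powershell
# Added example: audits two of the workarounds described in the article.
# Assumption: atmfd.dll is looked for in the standard Windows system folders
# listed below; the article itself gives only the file name.
function Get-FontFlawMitigationStatus {
    param(
        [string[]]$LibraryDirs = @(
            (Join-Path $env:windir 'System32'),
            (Join-Path $env:windir 'SysWOW64')
        ),
        [string]$LibraryName = 'atmfd.dll'
    )

    # WebClient: the workaround is in place when the service is disabled
    # and not currently running (or is not installed at all).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) {
        $webClient = 'NotInstalled'
    } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running') {
        $webClient = 'Disabled'
    } else {
        $webClient = "Active (StartMode=$($svc.StartMode), State=$($svc.State))"
    }

    # Library: the workaround is in place when no file with the original
    # name remains in the searched folders.
    $present = @($LibraryDirs |
        ForEach-Object { Join-Path $_ $LibraryName } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        WebClient    = $webClient
        WebClientOk  = ($webClient -in 'Disabled', 'NotInstalled')
        LibraryPaths = $present
        LibraryOk    = ($present.Count -eq 0)
    }
}

function Disable-WebClientService {
    # Applies the WebClient workaround; must be run from an elevated session.
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service -Name WebClient -StartupType Disabled
}

Get-FontFlawMitigationStatus | Format-List
```

The audit function only reads state; `Disable-WebClientService` is the only part that changes the system and is not called automatically.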
Beyond that, the recommendation for everyone is always the same. Because exploitation happens when a compromised file is opened, it is best to be wary of documents that arrive from unknown sources or are sent via e-mail and instant messengers. Even if the contact is known, it is worth being careful and not opening the file when in doubt, as this protects the user not only from this flaw but from many other scams in the same category.