Scary Windows 10 flaw exploited for 'targeted attacks' — and there's no fix

(Image credit: ymgerman / Shutterstock)

Attackers are exploiting a Windows flaw that allows malicious code to infiltrate fully updated systems, according to Microsoft. There's also no patch yet, meaning users are actively at risk. 

Microsoft issued a security advisory to users on March 23 saying it is "aware of limited targeted attacks" that leverage two remote code execution vulnerabilities. The security flaw stems from the Adobe Type Manager Library, which provides Windows apps with fonts from Adobe Systems. 

If a hacker tricks a victim into opening a malicious document or viewing it in Windows Preview, an attack can ensue. Maintaining the Adobe Type Manager Library in Windows is apparently Microsoft's responsibility, not Adobe's.

Although Microsoft did not share further details of the attacks that spurred this critical-level advisory, "limited targeted attacks" usually means that state-sponsored intelligence agencies are exploiting the flaws to compromise specific computer systems.

Microsoft said there's no fix for the vulnerability at this moment. According to TechCrunch , a spokesman for Microsoft suggested the patch will arrive on the next Patch Tuesday (April 14.)

The flaw affects Windows 7, Windows 8.1 and all versions of Windows 10, plus corresponding versions of Windows Server. Windows 7 systems will receive the April patches only if their operators have paid Microsoft an extra fee to keep support going past the normal Windows 7 end-of-life date, which was in January 2020.

What to do 

Until there's a patch available, all Windows users should keep an eye out for suspicious requests or prompts on their devices. Don't accept requests to view untrusted documents.

For those interested in an immediate workaround, Microsoft suggests disabling the preview pane and details pane in Windows Explorer, disabling the WebClient service or renaming the Adobe Type Manager Library' DLL library (ATMFD.DLL).

Microsoft's advisory said the issue was partly, but not completely, mitigated in all versions of Windows 10 because font drivers are run in isolation from the rest of the operating system. 

In Windows 10 build 1709 (the 2017 Fall Creators Update) and later, ATMFD.DLL is no longer present, but an attack could still "result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Details about carrying out these workarounds, and the potential risks of doing so, can be found here

TOPICS
Kate Kozuch

Kate Kozuch is the managing editor of social and video at Tom’s Guide. She writes about smartwatches, TVs, audio devices, and some cooking appliances, too. Kate appears on Fox News to talk tech trends and runs the Tom's Guide TikTok account, which you should be following if you don't already. When she’s not filming tech videos, you can find her taking up a new sport, mastering the NYT Crossword or channeling her inner celebrity chef.

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
nyc spring day AI image
OpenAI just unveiled new ChatGPT image generator powered by Sora — here's what you can do now
WWDC logo on yellow background
Apple WWDC 2025 date set for June 9 — iOS 19, Apple Intelligence and more expected
Motorola Razr Plus 2024 cover display
Motorola Razr Plus (2025) leaked specs hint at bigger upgrades — here's what we know
(L-R) Yura Borisov as Igor, Mark Eydelshteyn as Vanya, Karren Karagulian as Toros and Mikey Madison as Anora "Ani" Mikheeva in "Anora"
Hulu top 10 movies — here's what you need to stream right now
Nintendo Switch 2
Nintendo Switch 2 — industry insider just tipped release month and launch plans
Disney Plus logo
Disney Plus upgrade just fixed one of my biggest problems with the home page