Skip to main content

Scary Windows 10 flaw exploited for 'targeted attacks' — and there's no fix

(Image credit: ymgerman / Shutterstock )

Attackers are exploiting a Windows flaw that allows malicious code to infiltrate fully updated systems, according to Microsoft. There's also no patch yet, meaning users are actively at risk. 

Microsoft issued a security advisory to users on March 23 saying it is "aware of limited targeted attacks" that leverage two remote code execution vulnerabilities. The security flaw stems from the Adobe Type Manager Library, which provides Windows apps with fonts from Adobe Systems. 

If a hacker tricks a victim into opening a malicious document or viewing it in Windows Preview, an attack can ensue. Maintaining the Adobe Type Manager Library in Windows is apparently Microsoft's responsibility, not Adobe's.

Although Microsoft did not share further details of the attacks that spurred this critical-level advisory, "limited targeted attacks" usually means that state-sponsored intelligence agencies are exploiting the flaws to compromise specific computer systems.

Microsoft said there's no fix for the vulnerability at this moment. According to TechCrunch , a spokesman for Microsoft suggested the patch will arrive on the next Patch Tuesday (April 14.)

The flaw affects Windows 7, Windows 8.1 and all versions of Windows 10, plus corresponding versions of Windows Server. Windows 7 systems will receive the April patches only if their operators have paid Microsoft an extra fee to keep support going past the normal Windows 7 end-of-life date, which was in January 2020.

What to do 

Until there's a patch available, all Windows users should keep an eye out for suspicious requests or prompts on their devices. Don't accept requests to view untrusted documents.

For those interested in an immediate workaround, Microsoft suggests disabling the preview pane and details pane in Windows Explorer, disabling the WebClient service or renaming the Adobe Type Manager Library' DLL library (ATMFD.DLL).

Microsoft's advisory said the issue was partly, but not completely, mitigated in all versions of Windows 10 because font drivers are run in isolation from the rest of the operating system. 

In Windows 10 build 1709 (the 2017 Fall Creators Update) and later, ATMFD.DLL is no longer present, but an attack could still "result in code execution within an AppContainer sandbox context with limited privileges and capabilities."

Details about carrying out these workarounds, and the potential risks of doing so, can be found here