Last Monday, Microsoft published a security advisory detailing a new font-parsing remote code-execution vulnerability targeting Windows 7 devices.
The vulnerability resides in the Adobe Type Manager Library, a DLL file (ATMFD.DLL) used to manage and render fonts from Adobe Systems. A malicious attacker can run arbitrary code on the system by simply having the victim open a specially crafted document or by having them view the document in the Windows preview pane.
A case of permanent zero-day
Although the vulnerability is already being exploited by threat actors in the wild, Microsoft has yet to release an official fix. Windows 7 reached End of Life on January 14th this year, and no new updates (including security fixes) are available for the operating system to users without an Extended Security Updates (ESU) licensing agreement. This means most vulnerable systems will be left unpatched indefinitely – a situation often referred to as “permanent zero-day.” An attacker could use this vulnerability to hijack vulnerable devices over and over.
In the absence of a fix, Microsoft recommends several workarounds:
- Disable the Preview Pane – this prevents the malicious code from running when previewing, but still allows compromise if a rigged document is opened.
- Disable the WebClient service – this, too, still allows exploitation if the victim opens the document.
- Set the DisableATMFD registry key, manually or using a managed deployment script – this mitigates the issue for pre-Windows 10 computers, but might induce usability issues in specific circumstances.
- Rename ATMFD.DLL – this also works on pre-Windows 10 computers, but might induce usability issues in specific circumstances.
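To confirm which of these workarounds are actually in place on a given machine, the read-only audit below (an added example, not code from Microsoft or Bitdefender) reports the state of the WebClient service, the DisableATMFD value and the ATMFD.DLL file. The page does not give the registry key path, so it is passed in as the `-AtmfdKeyPath` parameter; the function names, the treatment of a non-zero value as "on" and the two system directory names are assumptions, and the per-user Preview Pane setting is not covered.

```powershell
# Added example: read-only audit of three workarounds from the list above.
param(
    # Assumption: the registry key path that holds the DisableATMFD value,
    # copied by the operator from Microsoft's advisory (this page does not
    # give it). Left empty, that check is reported as NotChecked.
    [string]$AtmfdKeyPath = ''
)

function New-Finding($Workaround, $Status, $Detail) {
    New-Object PSObject -Property @{ Workaround = $Workaround; Status = $Status; Detail = $Detail }
}

function Test-WebClientService {
    # WMI is used so the check also runs on the PowerShell 2.0 shipped with Windows 7.
    $svc = Get-WmiObject Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) { return New-Finding 'WebClient service' 'Applied' 'service not installed' }
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    $status = if ($ok) { 'Applied' } else { 'NotApplied' }
    New-Finding 'WebClient service' $status "StartMode=$($svc.StartMode), State=$($svc.State)"
}

function Test-DisableAtmfd($KeyPath) {
    if (-not $KeyPath) { return New-Finding 'DisableATMFD' 'NotChecked' 'no key path supplied' }
    $prop = Get-ItemProperty -Path $KeyPath -Name DisableATMFD -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return New-Finding 'DisableATMFD' 'NotApplied' 'value not present' }
    # Assumption: any non-zero value switches the mitigation on.
    $status = if ($prop.DisableATMFD -ne 0) { 'Applied' } else { 'NotApplied' }
    New-Finding 'DisableATMFD' $status "value=$($prop.DisableATMFD)"
}

function Test-AtmfdRenamed {
    # The rename workaround leaves no file called ATMFD.DLL in the system directories.
    $found = @('System32', 'SysWOW64') |
        ForEach-Object { Join-Path $env:windir (Join-Path $_ 'ATMFD.DLL') } |
        Where-Object { Test-Path $_ }
    if ($found) {
        New-Finding 'Rename ATMFD.DLL' 'NotApplied' ('present: ' + ($found -join ', '))
    } else {
        New-Finding 'Rename ATMFD.DLL' 'Applied' 'ATMFD.DLL not found (renamed or not shipped)'
    }
}

@(Test-WebClientService; Test-DisableAtmfd $AtmfdKeyPath; Test-AtmfdRenamed) |
    Select-Object Workaround, Status, Detail | Format-Table -AutoSize
```

The script changes nothing on the host, so it can be run fleet-wide from a management tool to find Windows 7 machines where no workaround has been applied.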
How To Defend Yourself Against Zero-Day Threats
Cyber-security solutions such as GravityZone can help you mitigate the issue at multiple levels, increasing the cost of an attack and minimizing the risk of compromise to your organization. Given that most such attacks arrive via spam e-mail, Bitdefender can intercept such files at the mail transport agent or as they are being analyzed in the Sandbox.
Bitdefender GravityZone can also pin down exploits and zero days through its strong suite of powerful behavioral technologies such as Process Inspector, Advanced Anti-Exploit, Network Attack Defense and Hypervisor Introspection.
Finally, hardening technologies such as Endpoint Risk Analytics can help prevent these attacks and further reduce the attack surface by enabling you to identify Indicators of Risk and patch these exploitable scenarios.
For more information about Bitdefender GravityZone, visit: www.bitdefender.com/business