Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
G.Skill TridentZ5 RGB DDR5 7200 CL34 2x16 GB review
ASUS TUF Gaming B760-PLUS WIFI D4 review
Netac NV7000 2 TB NVMe SSD Review
ASUS GeForce RTX 4080 Noctua OC Edition review
MSI Clutch GM51 Wireless mouse review
ASUS ROG STRIX B760-F Gaming WIFI review
Asus ROG Harpe Ace Aim Lab Edition mouse review
SteelSeries Arctis Nova Pro Headset review
Ryzen 7800X3D preview - 7950X3D One CCD Disabled
MSI VIGOR GK71 SONIC Blue keyboard review

New Downloads
Intel ARC graphics Driver Download Version: 31.0.101.4257
CrystalDiskInfo 9.0.0 Beta4 Download
AIDA64 Download Version 6.88
GeForce 531.41 WHQL driver download
AMD Radeon Software Adrenalin 23.3.2 WHQL download
GeForce 531.29 WHQL driver download
AMD Ryzen Master Utility Download 2.10.2.2367
AMD Radeon Software Adrenalin 23.3.1 WHQL download
Display Driver Uninstaller Download version 18.0.6.1
CPU-Z download v2.05


New Forum Topics
Which gpu is better? NVIDIA GeForce 531.41 WHQL driver Download & Discussion NVMe M.2 SSD Dedicated Clone Stand, with High-Speed Data Transfer of up to 1,000MB/s Mainstream GeForce RTX 4050 Graphics Card Launching in June 2023 Windows power plan settings explorer utility Valve to Discontinue Support for Windows 7, 8, and 8.1 on Steam Starting 2024 Msi rtx 4080 ventus 3x oc temps TEAMGROUP Unveils MP33Q M.2 PCIe SSD and T-FORCE VULCAN Z QLC SSD 4TB for High-Capacity Storage Thermaltake Unveils TOUGHAIR 710 Twin Tower Side Flow CPU Cooler with Two 140mm Fans and 6mm x 7 Heat Pipes JONSBO Announces DS8 Sub-LCD Series with High Resolution and Versatility in Black and White




Guru3D.com » News » Microsoft advisory on Remote Code Execution Vulnerability

Microsoft advisory on Remote Code Execution Vulnerability

by Hilbert Hagedoorn on: 03/24/2020 10:15 AM | source: microsoft.com | 6 comment(s)
Microsoft advisory on Remote Code Execution Vulnerability

Microsoft yesterday issued a warning that attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows.

The company said that "limited targeted attacks" observed could leverage un-patched vulnerabilities in the Adobe Type Manager Library. The company provided a guidance to help reduce customer risk until the security update is released.  Microsoft is working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. The operating system versions that are affected by this vulnerability include Windows 7, but only enterprise users with extended security support will receive patches.

While Microsoft insures to work on a patch, affected users should initially protect themselves as follows:

  • Deactivation of the preview in Windows Explorer
  • Deactivation of the detail view in Windows Explorer
  • Deactivation of the WebClient service via Services.msc
  • Rename the library (atmfd.dll) of the Adobe Type Manager

In the meantime, the advisory offered a temporary workaround for affected Windows users to mitigate the flaw until a fix is available.

ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability

Security Advisory

Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.

There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers. The operating system versions that are affected by this vulnerability are listed below. Please see the mitigation and workarounds for guidance on how to reduce the risk.







« Thermalright releases Black Eagle slim sideflow TUF Gaming Alliance cooler · Microsoft advisory on Remote Code Execution Vulnerability · Review: Deepcool Gamer Storm Macube 310P »

Related Stories

Advertorial: Microsoft Office 2016 Only just 30$ on URcdkey - 03/20/2020 09:01 AM
Today what we recommend instead is to jump on URcdkeys where there is a surprise for all GURU3D readers! URcdkey sells serial codes (Product Keys) for many software suites. Today they offer you the pr...

Microsoft Bing shows an easy way to track Corona virus by country (tracker) - 03/17/2020 09:19 AM
While the coronavirus is spreading across the world, Microsoft offers an easy way to track them by country and state with the help of Bing's search engine....

Microsoft Shuts Down Necurs Botnet - 03/17/2020 09:00 AM
Microsoft, in collaboration with its industry partners worldwide, announced Tuesday it has taken legal and technical action to take down the infamous Necurs Botnet, one of the biggest spam email and m...

Xbox Series X: Specs Released by Microsoft - 8-Core ZEN and 3328 shader processors GPU - 03/16/2020 04:13 PM
The next generation of Xbox is defined by three primary characteristics: Power, Speed and Compatibility. Microsoft now shared all specification on their blog, and they are pretty impressive....

Ubisoft and Microsoft announce E3 2020 conferences will become digital conferences - 03/12/2020 08:38 AM
3 2020 was canceled due to the coronavirus outbreak, now  Microsoft and Ubisoft announced that they would still reveal the planned news, only through digital events....


2 pages 1 2


Rich_Guy
Senior Member



Posts: 13007
Joined: 2003-05-11

#5772851 Posted on: 03/24/2020 02:05 PM
Thanks Hilbert, done :)

GDGR
Junior Member



Posts: 2
Joined: 2019-09-04

#5772861 Posted on: 03/24/2020 02:57 PM
i can't live without "detail view" in explorer :/

Webhiker
Senior Member



Posts: 746
Joined: 2011-03-23

#5772862 Posted on: 03/24/2020 03:05 PM
Mitigations and workarounds are explained in detail here : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

Kaarme
Senior Member



Posts: 3374
Joined: 2013-03-10

#5772864 Posted on: 03/24/2020 03:08 PM
i can't live without "detail view" in explorer :/


I have Win10 in my native language, so I naturally don't have a "detail view", as it's all translated. I should be safe.

Astyanax
Senior Member



Posts: 15387
Joined: 2018-03-21

#5773027 Posted on: 03/25/2020 12:16 AM
any patched up web browser will have no issues, this is a situation that can only screw you if you go looking for an infection.

2 pages 1 2


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023