Microsoft announced limited exploitation of a zero-day remote code execution vulnerability in the Type 1 font parser.
There are two RCE vulnerabilities in the Windows Adobe Type Manager Library, triggered when it parses the Adobe Type 1 PostScript format. There are multiple attack vectors, such as documents.
Microsoft is working on a patch.
The following mitigation actions can be taken:
- Disable the Preview Pane and Details Pane in Windows Explorer
- Disable the WebClient service
- Rename ATMFD.DLL
Microsoft advisory ADV200006
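To confirm on a given host that the WebClient and ATMFD.DLL mitigations listed above are in place, a read-only check like the following can be used. This is an added example, not part of the original diary or the Microsoft advisory; the function names are hypothetical and the System32/SysWOW64 locations for ATMFD.DLL are assumed to be the standard ones.

```powershell
# Added example: read-only audit of two of the mitigations listed above.
# Nothing is changed on the host. Run from a 64-bit PowerShell session so
# that System32 is not redirected to SysWOW64.
# The Preview/Details Pane setting is per-user Explorer state and is not checked here.

function Get-WebClientMitigation {
    # Mitigated only if the service cannot be started on demand and is not running now.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return [pscustomobject]@{
            Check = 'WebClient service'; Mitigated = $true; Detail = 'service not installed'
        }
    }
    [pscustomobject]@{
        Check     = 'WebClient service'
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        Detail    = "StartMode=$($svc.StartMode), State=$($svc.State)"
    }
}

function Get-AtmfdMitigation {
    # Assumption: ATMFD.DLL, where present, sits in these two system directories.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path    = Join-Path $env:windir "$dir\atmfd.dll"
        $present = Test-Path -LiteralPath $path
        $detail  = 'not found (renamed or absent)'
        if ($present) { $detail = "still present: $path" }
        [pscustomobject]@{
            Check     = "ATMFD.DLL in $dir"
            Mitigated = -not $present
            Detail    = $detail
        }
    }
}

# Collect all results and list anything still exposed first.
$results = @(Get-WebClientMitigation) + @(Get-AtmfdMitigation)
$results | Sort-Object Mitigated | Format-Table -AutoSize
```

A WebClient service left at Manual start is reported as not mitigated even when stopped, because it can still be started on demand.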
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.