A new, unpatched zero-day threat

The latest case has been reported by the American company itself, which has published a warning about the existence of a new vulnerability in Windows that has not yet been patchedA security flaw that affects different versions of Windows and through which a third party can execute code remotely on a computer with this operating system.

Not yet patched

For now, this security problem affects both computers with Windows 7 and those that use Windows 10 and has its origin in the file 'atmfd.dll' found in the Adobe Type Manager library A type of file that allows Windows to execute and display PostScript fonts and that can be exploited by attackers to execute code remotely.

Microsoft clarifies that to exploit this security breach the user must execute a specific file, so it is not a question of a vulnerability that is easy to exploit.

The bug, as we have said, affects computers with Windows 7, Windows 10 and computers running Windows Server and currently There is no Microsoft fix for the problem yet.In this sense, and at the expense of the update that corrects the bug, Microsoft suggests some steps to help avoid it, steps that have the purpose of making the Adobe Type Manager library run and therefore be able to execute remote code:

Disable details pane and preview pane in Windows Explorer
Disable WebClient service
Rename or disable 'atmfd.dll'

It is expected that Microsoft will release the security patch on the following Path Tuesday, the second Tuesday of every month, so On April 14, the problem should be resolved, at least for those who use Windows 10. In the case of Windows 7, no longer supported, we will have to see the solution offered by the American company.

Via | ZDNet More information | Microsoft Cover image | madartzgraphics

Table of contents:

Not yet patched

Editor's choice