Sat. Jun 6th, 2020

Microsoft urgently releases remote code execution vulnerability notice affecting all Windows versions


Microsoft has issued an emergency security advisory, ADV200006. The advisory states that there are two remote code execution 0-day vulnerabilities in the Adobe Type Manager Library.

The two vulnerabilities reportedly stem from the Windows Adobe Type Manager Library improperly handling a specially crafted multi-master font in the Adobe Type 1 PostScript format. The vulnerabilities are assessed as serious, and Windows 7, which is no longer supported, is also affected.

Windows zero day flaws

Attackers can exploit the vulnerabilities in a variety of scenarios, such as persuading a victim to view a specially crafted document in the Windows Preview pane.

Microsoft is preparing a patch for the vulnerabilities, which is expected to be released on the April Patch Tuesday. For the time being, Microsoft provides only mitigations.

We recommend that users follow Microsoft's progress in fixing these vulnerabilities and, in the meantime, refer to the corresponding mitigations.

Affected versions

  • Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions
  • Windows 7

Mitigation recommendations

Disable the Preview Pane and Details Pane in Windows Explorer

  1. Open Windows Explorer, click Organize, and then click Layout.
  2. Clear both the Details pane and Preview pane menu options.
  3. Click Organize, and then click Folder and search options.
  4. Click the View tab.
  5. Under Advanced settings, check the Always show icons, never thumbnails box.
  6. Close all open instances of Windows Explorer for the change to take effect.

Disable the WebClient service

  1. Click Start, click Run (or press the Windows Key and R on the keyboard), type Services.msc and then click OK.
  2. Right-click WebClient service and select Properties.
  3. Change the Startup type to Disabled. If the service is running, click Stop.
  4. Click OK and exit the management application.

Rename ATMFD.DLL

For 32-bit system:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

For 64-bit system:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

Restart the system.
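
To confirm that the WebClient, thumbnail and ATMFD.DLL mitigations above are actually in place on a host, the following read-only audit can be run. It is an added example, not part of Microsoft's advisory or the original article. It assumes Windows PowerShell (for Get-WmiObject) and that the "Always show icons, never thumbnails" box is stored as the per-user IconsOnly registry value; the function names are made up for this example, and the Preview pane and Details pane settings are not checked.

```powershell
# Read-only audit of the mitigations listed on this page; it changes nothing.
# Run it from a 64-bit PowerShell session on 64-bit Windows: in a 32-bit
# session, file system redirection silently maps System32 to SysWOW64.

function Get-AtmfdState {
    param([string]$Dir)
    # The directory may not exist (for example syswow64 on a 32-bit system).
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return 'directory absent' }
    $orig    = Test-Path -LiteralPath (Join-Path $Dir 'atmfd.dll')
    $renamed = Test-Path -LiteralPath (Join-Path $Dir 'x-atmfd.dll')
    if ($orig)    { return 'NOT MITIGATED: atmfd.dll still present' }
    if ($renamed) { return 'mitigated: renamed to x-atmfd.dll' }
    return 'atmfd.dll not present'
}

function Get-WebClientState {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) { return 'service not installed' }
    # Disabled alone is not enough: a service that is still running stays
    # reachable until it is stopped or the system restarts.
    if ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running') {
        return 'mitigated: disabled and stopped'
    }
    return "NOT MITIGATED: StartMode=$($svc.StartMode), State=$($svc.State)"
}

function Get-ThumbnailState {
    # Assumption: Explorer records the checkbox as IconsOnly = 1, per user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $val = (Get-ItemProperty -Path $key -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
    if ($val -eq 1) { return 'mitigated: icons only (current user)' }
    return 'NOT MITIGATED: thumbnails enabled for current user'
}

'{0,-22} {1}' -f 'WebClient service',   (Get-WebClientState)
'{0,-22} {1}' -f 'Explorer thumbnails', (Get-ThumbnailState)
'{0,-22} {1}' -f 'system32\atmfd.dll',  (Get-AtmfdState (Join-Path $env:windir 'System32'))
'{0,-22} {1}' -f 'syswow64\atmfd.dll',  (Get-AtmfdState (Join-Path $env:windir 'SysWOW64'))
```

The Explorer check reads only the current user's hive, so it has to be repeated for each account that logs on to the machine.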