On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all the Windows computers. The list of affected computers includes the most-updated Windows 10 including the insider builds; Windows 8.1 and 8; Windows 7 which has reached its End of Life, and lots of versions of Windows Server. However, the vulnerability may be a limited targeted attack which suggests it’s not that widespread and only a particular number of users are often affected — mainly those that affect font files and therefore the preview pane.
Microsoft has zeroed down the attack to 2 exploits within the Adobe Type Manager Library which the attackers are taking advantage of. Having said that, the sad part is that Microsoft are going to be releasing the safety patch next month, most likely on Pan American Day , 2020. So until then, you’ll take a series of actions by yourself which may fix Windows Zero-Day vulnerability on Windows 10 computers immediately .
What is Windows Zero-Day Vulnerability (March 2020)?
As I said above, this attack corresponds to font parsing which leverages the 2 unpatched vulnerabilities currently available within the Adobe Type Manager Library. Microsoft said that it happens when “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.
To break it down, basically, once you download a font file, it shows a preview of the font either in thumbnail or within the preview pane. And that’s where Remote Code Execution takes place. Microsoft also suggests that the exploit might not only be limited to font files (OTF/TTF) but are often extended to specially crafted documents. Microsoft states that “there are multiple ways an attacker could exploit the vulnerability, like convincing a user to open a specially crafted document or viewing it within the Windows Preview pane.”
To conclude, albeit you only download a font file or a document, the attack are often executed without explicitly opening the file. It’s because the attackers are using Windows preview and thumbnail to take advantage of the vulnerability. So all we’ve to try to to is disable both preview pane and thumbnail feature on Windows Explorer and your PC will stop the execution at the host level. Also, as a precautionary measure, don’t download files from unreliable sources or from dubious emails.
Having said all of that, confine mind, Windows 7 users won’t receive the safety patch next month because it has reached its End of Life. However, if you’ve got enrolled for extended security updates (which comes at a cost) then you’ll receive the update next month. Nevertheless, i might recommend all users to follow the below guide to patch the Windows Zero-Day attack immediately .
Fix Windows Zero-Day Vulnerability on Windows 10
1. First of all, open the File Explorer and click on on the “View” tab. then , click on both “Preview pane” and “Details pane” to disable them.
2. Both the panes shouldn’t be highlighted. It should appear as if this after disabling both the features.
4. alittle window will open up. Now, move to the “View” tab and enable the “Always show icons, never thumbnails” checkbox. It should appear on the highest . Finally, click on the “Ok” button. Now, you’ve got closed the doors for the Windows Zero-Day exploit to initiate an attack at the host level.
Disable the WebClient Service on Windows 10
Apart from disabling the preview pane, it’s also recommended to disable the WebClient service on both Windows 10 and seven out of abundant caution. this may disable all the requests coming from Web Distributed Authoring and Versioning (WebDAV) system which can make your computer inaccessible to the attacker. However, confine mind, it’d also disrupt some apps from properly working which believe the WebClient service.
1. First of all, press Windows and R keys directly to open the Run window. Here, type “services.msc” and hit enter.
2. Scroll down and appearance for the “WebClient” service. Right-click thereon and choose “Properties”.
3. Here, click on the “Stop” button to prevent the service then change the Startup type to “Disabled”. Now, click on the “Ok” button and restart your computer to form the changes
Apart from this, Microsoft also recommends to rename the ATMFD.DLL file which further mitigates the zero-day vulnerability on Windows computers. you’ll read the detailed instructions from the second-half of the page. In case, you’re unable to follow the steps, comment down below and that we will assist you out.
Patch Windows Zero-Day Attack on Windows 10 immediately
So that was all about the way to mitigate the danger and fix the zero-day vulnerability on Windows computers until Microsoft releases a security patch. Since the attack is being done through the preview pane, disabling the choice should stop the attack altogether. i might recommend you to form the changes immediately just to get on the safer side. Further, undergo our article on the simplest Windows Malware Removal tool so your PC can detect harmful files then and there. Also, share this text with other Windows users in order that they will also protect their PC. Anyway, that’s all from us. If you’re facing any issue then comment down below and allow us to know.