The frequency with which news on zero-day vulnerabilities exploited in the wild have appeared is one of the main concerns for the cybersecurity community. Recently, a report by Microsoft’s vulnerability assessment team revealed that threat actors have been actively exploiting a zero-day flaw to run malicious code on Windows systems, even those that have all company security updates.
According to the report, this is a remote code execution vulnerability linked to some recently detected attacks and residing in the Adobe Type Manager Library, a Windows DLL used by multiple applications for the management and representation of Adobe Systems fonts.
To be specific, the attack involves exploiting two code execution vulnerabilities that could be triggered to generate inappropriate handling of master sources designed for malicious purposes. To exploit the flaws, hackers only have to trick the target user into opening a specially crafted document.
Microsoft’s vulnerability assessment team did not specify whether threat actors have succeeded in their attacks or if they are otherwise only hacking attempts. It should be noted that, in most cases, Windows security mechanisms can prevent an exploit from working as attackers expect.
So far, Microsoft has not released a patch, although a group of vulnerability assessment specialists issued the following recommendations to mitigate the risk of exploitation:
- Disable Preview and Details panes in Windows Explorer
- Disable the WebClient service
- Rename ATMFD. DLL; or deactivate the log file
In addition, Windows deployment administrators are encouraged to stay on top of company updates about this security issue and the release of full patches.
According to the International Institute of Cyber Security (IICS), given the characteristics of the attack, and Microsoft’s apparent opacity with respect to the targets identified so far, it is highly likely that it will be a cyber espionage campaign against relevant government officials or managers/directors of some major company.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.