Microsoft releases emergency advisory ADV200006: remote font vulnerability affects all versions of Windows

Microsoft recently released emergency advisory ADV200006. The advisory reports two zero-day remote code execution vulnerabilities in the Adobe Type Manager library.

According to reports, the root cause of both remote code execution vulnerabilities is that the Windows Adobe Type Manager library does not properly handle a specially crafted multi-master font in the Adobe Type 1 PostScript format. The vulnerabilities are rated very serious, and Windows 7, which is no longer supported, is also affected.

An attacker can exploit the vulnerabilities in a variety of ways, such as convincing a victim to view a specially crafted file in the Windows preview pane.

Microsoft is preparing a patch for this vulnerability, which is expected to be released on February's Patch Tuesday. For now, Microsoft has provided only temporary mitigations.

We recommend following Microsoft's progress on the fix and applying the corresponding mitigations in the meantime.

Affected versions

  • Windows 10, 8.1 and Server 2008, 2012, 2016 and 2019 editions
  • Windows 7

Mitigation recommendations

Disable the preview pane and the details pane in Windows Explorer

1. Open Windows Explorer, click "Organize" and then click "Layout."
2. Clear the "Details pane" and "Preview pane" menu options.
3. Click "Organize" and then click "Folder and Search Options."
4. Click the View tab.
5. Under "Advanced settings," select the "Always show icons, never thumbnails" box.
6. Close all open instances of Windows Explorer for the changes to take effect.

Disable the WebClient service

1. Click "Start," click "Run" (or press the Windows key and R on the keyboard), type Services.msc, and then click "OK."
2. Right-click the WebClient service and select "Properties."
3. Change the Startup type to Disabled. If the service is running, click "Stop."
4. Click "OK" and exit the management application.

Rename ATMFD.DLL

For 32-bit systems, enter the following at an administrative command prompt:

cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

For 64-bit systems, enter the following at an administrative command prompt:

cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

Restart the system.
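
To confirm after the restart that the mitigations above are in place, a read-only audit can be run on each machine. The following PowerShell script is an added example, not part of the original advisory or article; the function names are hypothetical, it assumes PowerShell 3.0 or later, and it does not check the state of the details and preview panes.

```powershell
# Added example: read-only audit of the mitigations listed above. Changes nothing.
# Assumes PowerShell 3.0+; on 64-bit Windows run it from a 64-bit PowerShell
# so that system32 is not redirected to syswow64.

function New-Result($Check, $Mitigated, $Detail) {
    [pscustomobject]@{ Check = $Check; Mitigated = $Mitigated; Detail = $Detail }
}

function Test-AtmfdRenamed([string]$Directory) {
    # Mitigated when atmfd.dll no longer exists under its original name.
    $present = Test-Path -LiteralPath (Join-Path $Directory 'atmfd.dll')
    $renamed = Test-Path -LiteralPath (Join-Path $Directory 'x-atmfd.dll')
    if ($present)     { $detail = 'atmfd.dll still present' }
    elseif ($renamed) { $detail = 'renamed copy x-atmfd.dll found' }
    else              { $detail = 'atmfd.dll not found in this directory' }
    New-Result "atmfd.dll renamed in $Directory" (-not $present) $detail
}

function Test-WebClientDisabled {
    # The service must be both stopped and prevented from starting again.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return New-Result 'WebClient service disabled' $true 'service not installed'
    }
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -eq 'Stopped')
    New-Result 'WebClient service disabled' $ok "StartMode=$($svc.StartMode), State=$($svc.State)"
}

function Test-ThumbnailsDisabled {
    # "Always show icons, never thumbnails" is stored per user as IconsOnly=1,
    # so this result covers only the account running the script.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $val = (Get-ItemProperty -Path $key -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
    New-Result 'Explorer shows icons only (current user)' ($val -eq 1) "IconsOnly=$val"
}

$results = @(Test-WebClientDisabled; Test-ThumbnailsDisabled)
foreach ($sub in 'system32', 'syswow64') {
    $dir = Join-Path $env:windir $sub
    # syswow64 exists only on 64-bit systems; skip it elsewhere.
    if (Test-Path -LiteralPath $dir) { $results += Test-AtmfdRenamed $dir }
}
$results | Format-Table -AutoSize
```

Any row with Mitigated set to False identifies a step that still needs to be applied on that machine.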

Origin www.linuxidc.com/Linux/2020-03/162678.htm