New Windows 10 Flaw Lets Hackers Install Malware Through Documents

Windows is still vulnerable to the zero-day security flaw that lets attackers inject malicious code onto a fully updated system, Microsoft warned on Monday.

The software maker said in an advisory published yesterday that Windows systems still have two vulnerabilities that attackers can use to install malware or ransomware onto the system through specially crafted documents. This security flaw exists in the Adobe Type Manager Library, which is one of Window’s DLL files that a large number of applications use for their fonts.

Attackers can exploit this vulnerability by convincing anyone to open a document rigged with maliciously crafted master fonts or by viewing it in Windows preview pane.

A patch for this vulnerability has not been released yet, but until it becomes available, Microsoft has suggested a couple of workarounds that people can use to stay safe.

  • Disable the Preview Pane and Details Pane in Windows Explorer
  • Disable the WebClient service
  • Rename ATMFD.DLL, or alternatively, disable the file from the registry

However, Microsoft has said that they’re working on a fix and that it should be available soon, the company also stated:

Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.



>