
New 0-Day Vulnerability in Windows Adobe Type Manager Library Exploited in the Wild

By Gill Langston
25 March, 2020

Generally, Microsoft announces vulnerabilities when it releases patches on its (in)famous Patch Tuesday. That usually means bad actors only have a chance to investigate and exploit a vulnerability after the patch is released, leaving a small window of opportunity to use the vulnerability in attacks before systems have the patch applied.

On March 22, a 0-day vulnerability was announced that affects supported versions of Windows, including Windows 7. According to Microsoft, this vulnerability has been used in some limited targeted attacks in the wild against Windows 7. Per their advisory, an attacker would need to trick a user into opening a malicious document or viewing it in the Preview Pane of Windows Explorer. At the time of this article, Microsoft plans to release a patch for this vulnerability in April’s Patch Tuesday drop.

This means there is an increased risk over the next few weeks for files delivered via malicious emails. It should also be noted that versions of Windows 10 and the corresponding Server versions experience minimal risk from this vulnerability because the fonts are processed in a user mode AppContainer sandbox, which limits the overall impact.

In the article, Microsoft goes on to recommend three workarounds. Which one you implement will depend on what level of impact your supported end users can tolerate. All of them will limit the ability for a user to view documents in the Preview Pane of Windows Explorer. It should also be noted that the Outlook Preview Pane is NOT included in this vulnerability.

  1. Disable the Preview Pane and Details Pane. This will prevent the automatic display of OpenType fonts (OTF).
  2. Disable the WebClient (WebDAV) service. This will prompt users to confirm before opening programs from the internet, adding another layer of decision before a file is opened. Note that this workaround will affect any WebDAV shares and render them unavailable.
  3. Rename ATMFD.dll on versions of Windows before Windows 10 version 1709 (the DLL is not present on version 1709 and above). This workaround may cause issues with any applications that use OTF.

The workarounds can vary from system to system, and you can view the individual steps in the advisory. Consider any effects these may have on your customers before you enable any workaround. If you would like to test and execute the “rename ATMFD” workaround, our Head Automation Nerd Marc-Andre Tanguay has built an AMP for you to download and review. Of course, you should run through the execution and effects on a test system before rolling out to your end users. Remember, this .dll does not exist on Windows 10 version 1709 and above.
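
To see where the WebClient and ATMFD.dll workarounds apply on a given endpoint before changing anything, a read-only check along these lines can be run first. It is an added example, not Microsoft's steps and not the AMP mentioned above; the function name and output fields are illustrative, and it assumes Windows PowerShell run locally. The Preview Pane setting is per-user Explorer state and is not checked.

```powershell
# Added example (not from the advisory or the AMP): read-only status check.
# Assumes Windows PowerShell on the endpoint; nothing on the system is changed.
function Get-FontWorkaroundStatus {
    $os  = Get-WmiObject -Class Win32_OperatingSystem
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"

    # ATMFD.dll is not present on Windows 10 version 1709 and above, so the
    # rename workaround only matters where a copy still exists. SysWOW64 is
    # included on the assumption that 64-bit systems may carry a 32-bit copy.
    $dllCopies = @('System32', 'SysWOW64' |
        ForEach-Object { Join-Path $env:windir (Join-Path $_ 'atmfd.dll') } |
        Where-Object { Test-Path $_ })

    # WebClient (WebDAV) workaround is in place when the service is disabled.
    if ($svc) { $mode = $svc.StartMode; $state = $svc.State }
    else      { $mode = 'NotInstalled'; $state = 'NotInstalled' }

    $notes = @()
    if ($dllCopies.Count -gt 0) {
        $notes += 'ATMFD.dll present: rename workaround applies and is not in place'
    } else {
        $notes += 'ATMFD.dll not found: already renamed, or not shipped on this version'
    }
    if ($mode -eq 'Disabled') {
        $notes += 'WebClient disabled: WebDAV shares are unavailable on this host'
    } elseif ($mode -ne 'NotInstalled') {
        $notes += "WebClient start mode is $mode ($state): WebDAV workaround not in place"
    }

    # Select-Object fixes the column order, which a hashtable does not preserve.
    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $os.BuildNumber
        AtmfdCopies    = $dllCopies
        WebClientMode  = $mode
        WebClientState = $state
        Notes          = $notes
    } | Select-Object Computer, OS, Build, AtmfdCopies, WebClientMode, WebClientState, Notes
}

Get-FontWorkaroundStatus | Format-List
```

Running the same check again after the patch is installed shows which hosts still carry a workaround that needs to be undone.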

You should also consider other mitigations to protect against any opportunistic bad actors.

Additional mitigations

As with any threats that must be delivered to and accessed by an end user, it is important to ensure your other layers of protection are in place and current:

  • Email protection blocks malicious emails and files and is the frontline defense to help prevent threats from making it to an end user.
  • User awareness helps make sure users are trained not to click on attachments or download files they were not expecting. Have them be mindful of typos and odd or unfamiliar email addresses in the emails they receive and think twice before opening unsolicited attachments.
  • Endpoint protection should be up-to-date and running, with all components (such as behavioral detection) enabled.

We will wait to see whether Microsoft releases an out-of-band patch or waits until the April Patch Tuesday to fix this vulnerability. At that time, you would want to undo any workarounds you put in place to restore the full experience to your end users (the instructions to undo these workarounds are also included in the advisory). If you are still running Windows 7, bear in mind that unless you have purchased an ESU agreement, you will likely not receive any patches for this vulnerability and should consider upgrading to a supported operating system, as well as ensuring other mitigations are up-to-date and protecting the affected systems.

Let’s stay safe out there!

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd
