HomeWinBuzzer NewsMicrosoft Says Windows Flaw That Allows Remote Code Execution Won't Be Patched...

Microsoft Says Windows Flaw That Allows Remote Code Execution Won’t Be Patched until April

The RCE flaw is created by the way Windows handles the Adobe Type Manager library and won't see a fix until April 14.

-

has acknowledged a critical remote code execution (RCE) flaw in , Windows 7, Windows 8.1, and their server variants. The issue resides in the way the OS handles the Adobe Type Manager Library and has seen “limited” exploitation in the wild.

To utilize the bug, an attacker has multiple avenues. However, one option is the crafting of a specially crafted document that would then use the flaw to execute code when opened or viewed in the preview pane.

Thankfully, those running the latest version of Windows 10 should be well-protected by the OS' in-built security. Microsoft says “a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities”.

Despite this, the flaw is still marked as critical on 1909, the OS' latest update. To mitigate the risk on other OSes, users can disable the preview and details panes in Windows Explorer, disable the WebClient service, and rename ATMFD.DLL if it's present on your system.

These mitigations could prove vital, as Microsoft has noted no plans to roll out an emergency update to fix this vulnerability.

“Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month,” said the company. “This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.”

The next isn't due until April 14, so users will be vulnerable for several weeks. Either way, those on Windows 7 won't be receiving an official mitigation, owing to the fact it's now out of support.

SourceMicrosoft
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News