on March 23, Microsoft admits zero-day vulnerability affects all Windows computers. The list of affected computers includes the latest Windows 10, including insider ones; Windows 8.1 and 8; Many versions of End of Life Windows 7 and Windows Server. However, the vulnerability is a limited targeted attack; which means it’s not that common and only a select number of users may be affected – especially those dealing with font files and the preview pane.
Microsoft narrowed down the attack to two vulnerabilities in the Adobe Type Manager Library that were exploited by the attackers. Having said that, the sad part is that Microsoft will release the security patch next month, most likely on April 14, 2020. Until then, you can take a number of actions yourself that can fix the Windows Zero-Day vulnerability in Windows. Currently 10 and 7 computers.
What is the Windows Zero-Day Vulnerability (March 2020)?
As I said above, this attack, Two currently unpatched vulnerabilities in Adobe Type Manager Library. Microsoft said it occurs when the “Windows Adobe Type Manager Library does not properly handle many specially crafted major fonts – the Adobe Type 1 PostScript format”.
Basically, when you download a font file, it shows a preview of the font in the thumbnail or preview pane. That’s where Remote Code Execution happens. Microsoft also recommends: The exploit may not only be limited to font files (OTF/TTF), but can also be extended to specially crafted documents.. Microsoft states that “there are multiple ways an attacker could exploit the vulnerability, such as by persuading a user to open a specially crafted document or viewing it in the Windows Preview pane.”
As a result, even if you just download a font file or document, the attack can be executed without explicitly opening the file. This is because attackers use Windows preview and thumbnail to exploit the vulnerability. So all we have to do is Disable both the preview pane and the thumbnail feature in Windows Explorer and your computer will stop execution at the host level. Also, as a precaution, do not download files from untrusted sources or suspicious emails.
Having said all that, keep in mind, Windows 7 users will not receive the security patch next month For reaching the End of His Life. However, if you have registered extended security updates (this comes at a cost) then you will get the update next month. Still, I advise all users to follow the guide below to fix the Windows Zero-Day attack right now.
Fix Windows Zero-Day Vulnerability in Windows 10, 8.1 and 8
1. First of all, open File Explorer and click on it. “View” tab. After that, click on both the “Preview pane” and the “Details pane” to disable them.
2. Both compartments should not be emphasized. It should look like this after disabling both features.
3. Next, under the same “Appearance” tab, Click on “Options” located in the upper right corner.
4. A small window will open. Now go to the “View” tab and Enable the “Always show icons, never show thumbnails” checkbox. It should appear at the top. Finally, click the “OK” button. You have now closed the doors of the Windows Zero-Day vulnerability to launch a host-level attack.
Fix Windows Zero-Day Vulnerability in Windows 7
Similar to Windows 10, in Windows 7 we need to disable the preview pane. However, the steps are slightly different as Windows Explorer in Windows 7 has slightly different menus and submenus.
1. Open File Explorer in Windows 7 and click on the “Edit” button located in the upper left corner. Here, click on the “Layout” menu and disable both Details pane and Preview pane.
2. Secondly, under the same “Edit” menu, “Folder and search options“.
3. Now go to the “Appearance” tab and Enable the checkbox for “Always show icons, never thumbnails”. You’re done. At least at the host level, this should mitigate the Windows Zero-Day Vulnerability on Windows 7 PCs.
Disable WebClient Service in Both Windows 10 and 7
Apart from disabling the preview pane, it is also recommended to very carefully disable the WebClient service in both Windows 10 and 7. This disables all requests from the Web Distributed Authoring and Versioning (WebDAV) system. will make your computer inaccessible to the attacker. However, be aware that it may also prevent some applications that rely on the WebClient service from working properly.
1. First of all, open the Run window by pressing the Windows and R keys at the same time. Here, Type “services.msc” and press enter.
2. Scroll down and Search for “WebClient” service. Right click on it and select “Properties”.
3. Here, click the “Stop” button to stop the service, and then Change the startup type to “Disabled”. Now, click the “OK” button and restart your computer to make the changes.
Apart from that, Microsoft also recommends: Rename the ATMFD.DLL file It further reduces zero-day vulnerability on Windows computers. You can do read detailed instructions from the second half of the page. If you are unable to follow the steps, comment below and we will assist you.
Patch Windows Zero-Day Attack Now on Windows 10 and 7
This was about how to mitigate risk and fix zero-day vulnerability on Windows computers until Microsoft released a security patch. Since the attack is done from the preview pane, disabling the option should stop the attack completely. To be on the safer side, I recommend making the changes right away. Also, check out our article on the best Windows Malware Removal tool so that your PC can detect malicious files right there. Also, share this article with other Windows users so they can protect their computers too. Anyway, that’s it for us. If you run into any issues, comment below and let us know.
