Microsoft’s First ‘Patch Tuesday’ of the Year Brings Fix for Defender Zero-Day
Last updated September 23, 2021
Microsoft has released a security advisory to warn users of unpatched zero-day flaws that are under active exploitation, albeit at a limited scale. The vulnerabilities exist in the way that Microsoft Windows handles a particular font format through the Adobe Type Manager Library. Unfortunately, there are multiple ways to exploit the flaws and open the door to remote code execution. The simplest of all would be to convince the victim to open a document, although merely viewing it in the Windows Preview mode would be enough to create successful attack conditions.
The Windows versions that are impacted by this flaw are Windows 10, 8.1, Server 2008, 2012, 2016, 2019, and the unsupported Windows 7. Microsoft is working on a fix for the identified flaws, which will arrive on April 14, 2020, with the Patch Tuesday updates. Until then, you may apply the following workarounds.
The above mitigations don’t address the full spectrum of potential attack methods, but they will at least make it harder for the attacker to exploit the zero-day bugs. As Microsoft clarifies, activating the “Enhanced Security Configuration” won’t mitigate the flaws, and won’t reduce the attack vectors. Users of Windows 7, Windows Server 2008, or Windows Server 2008 R2 will only receive the security update that addresses the discovered problems if they have a valid ESU license. Finally, Microsoft clarified that the Outlook Preview Pane is not vulnerable to exploitation by malicious documents, so you may leave this active.