Friday, January 15, 18:57

How to Mitigate the New Windows Font Parsing Zero-Day Vulnerability Using GPO


Administrators of Microsoft Active Directory (AD) can mitigate the effects of the recently revealed zero-day vulnerability, which allows remote code execution in the Windows Adobe Type Manager Library, across large AD environments. The mitigation can be applied using Group Policy (GPO).

Microsoft said on March 23 that it had identified targeted attacks on devices running Windows 7 that attempt to exploit two unpatched vulnerabilities (new and older) in the Adobe Type Manager Library.

The vulnerabilities affect devices running desktop and server versions of Windows, including Windows 10, Windows 8.1, Windows 7 and multiple versions of Windows Server.

To exploit the security issues, attackers trick victims into opening malicious documents or simply viewing them in the Windows Preview pane.

Microsoft has already provided some workarounds to reduce the risk posed by attacks using these vulnerabilities. They include disabling the Preview and Details panes in Windows Explorer, disabling the WebClient service, and renaming the vulnerable library (ATMFD.DLL).

However, Microsoft's workarounds are not easy to roll out across an enterprise AD environment.

According to Sylvain Cortes, you can mitigate the problem with the help of Group Policy (Group Policy Objects, GPOs).

Using GPOs to mitigate risk in businesses

First, open the GPMC console and create a new GPO by right-clicking the "Group Policy Objects" folder.

Then go to User Configuration > Policies > Administrative Templates > Windows Components > File Explorer and enable the two GPO options shown in the image below. This will turn off preview locally and across the network.


"Close the GPO and link that GPO to all user accounts in your organization," Sylvain added.

Then create a new GPO via GPMC and turn off WebClient from Computer Configuration > Policies > Windows Settings > Security Settings > System Services.

This GPO must also be linked to all accounts in the organization to turn off WebClient everywhere.
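
One way to confirm on an endpoint that both GPOs have taken effect, as an added PowerShell example that is not from the original article or from Sylvain Cortes. The screenshot naming the two File Explorer options is not available here, so the two registry value names below are an assumption (thumbnail display turned off locally and on network folders); pass your own list if your GPO sets different options.

```powershell
# Added example: audit one endpoint for both mitigations after a policy refresh.
# Assumption: the default value names are a guess at the two File Explorer
# options the article enabled. Override -ExplorerPolicyValues to match your GPO.
param(
    [string[]]$ExplorerPolicyValues = @('DisableThumbnails', 'DisableThumbnailsOnNetworkFolders')
)

$results = @()

# Mitigation 1: User Configuration policies for File Explorer land under HKCU.
$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($name in $ExplorerPolicyValues) {
    $value = (Get-ItemProperty -Path $explorerKey -Name $name -ErrorAction SilentlyContinue).$name
    $results += [pscustomobject]@{
        Check  = "Explorer policy $name"
        Actual = if ($null -eq $value) { 'not set' } else { $value }
        Pass   = ($value -eq 1)
    }
}

# Mitigation 2: WebClient must be disabled and must not be running.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
if ($null -eq $svc) {
    # Service absent on this machine, so there is nothing to disable.
    $results += [pscustomobject]@{ Check = 'WebClient service'; Actual = 'not installed'; Pass = $true }
} else {
    $results += [pscustomobject]@{
        Check  = 'WebClient service'
        Actual = "$($svc.StartMode) / $($svc.State)"
        Pass   = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }
}

# Print the findings and return a non-zero exit code if any check failed,
# so the script can be used from a scheduled compliance task.
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Run it in the logged-on user's session, since the File Explorer settings are per-user policy.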


Both GPOs will have to be rolled back when Microsoft releases an update that fixes the font parsing zero-day vulnerabilities.

Microsoft says it is working on a fix for the zero-day vulnerabilities and hints that it will arrive with the next Patch Tuesday release (on 14 April).
