Administrators of Microsoft Active Directory (AD) can mitigate the effects of the recently disclosed zero-day vulnerability that allows remote code execution in the Windows Adobe Type Manager Library, even in large AD environments. The mitigation can be deployed using Group Policy (GPO).
Microsoft said on March 23 that some targeted attacks had been identified on devices running Windows 7, attempting to exploit two unpatched vulnerabilities (new and older) in the Adobe Type Manager Library.
The vulnerabilities affect devices running desktop and server versions of Windows, including Windows 10, Windows 8.1, Windows 7 and multiple versions of Windows Server.
Microsoft has already provided some workarounds to reduce the risks posed by attacks using these vulnerabilities. They include disabling the Preview and Details panes in Windows Explorer, disabling the WebClient service and renaming the vulnerable library (ATMFD.DLL).
However, Microsoft's workarounds are not easy to roll out across a business AD environment.
According to Sylvain Cortes, you can mitigate the problem with the help of Group Policy (Group Policy Object, GPO).
Use of GPOs to mitigate risk in businesses
First, open the GPMC console and create a new GPO by right-clicking the "Group Policy Objects" folder.
Then go to User Configuration > Policies > Administrative Templates > Windows Components > File Explorer and enable the two GPO options shown in the image below. This will turn off preview locally and across the network.
"Close the GPO and link that GPO to all user accounts in your organization," Sylvain added.
Then create a new GPO via GPMC and disable the WebClient service under Computer Configuration > Policies > Windows Settings > Security Settings > System Services.
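To confirm that the WebClient GPO has actually taken effect on endpoints, the following PowerShell check can be run against a list of machines. It is an added example, not part of the original article or of Microsoft's guidance; the function name `Test-WebClientMitigation` and its output fields are hypothetical, and remote queries assume WinRM is reachable on the targets.

```powershell
# Added example: report whether the WebClient service is disabled and stopped.
# Function name and output fields are hypothetical, chosen for illustration.
function Test-WebClientMitigation {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        $result = [ordered]@{
            ComputerName = $computer
            StartMode    = $null
            State        = $null
            Mitigated    = $false
            Note         = ''
        }
        try {
            $cimArgs = @{
                ClassName   = 'Win32_Service'
                Filter      = "Name='WebClient'"
                ErrorAction = 'Stop'
            }
            # Query the local host directly; other hosts go over WinRM.
            if ($computer -ne $env:COMPUTERNAME) { $cimArgs.ComputerName = $computer }
            $svc = Get-CimInstance @cimArgs

            if (-not $svc) {
                # No WebClient service registered on this host.
                $result.Mitigated = $true
                $result.Note      = 'WebClient service is not installed'
            } else {
                $result.StartMode = $svc.StartMode
                $result.State     = $svc.State
                $result.Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
                if ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Stopped') {
                    $result.Note = 'Startup type is Disabled but the service is still running'
                } elseif ($svc.StartMode -ne 'Disabled') {
                    $result.Note = 'Startup type is not Disabled; GPO not applied'
                }
            }
        } catch {
            # Unreachable host or access denied: report it, do not assume compliance.
            $result.Note = "Query failed: $($_.Exception.Message)"
        }
        [pscustomobject]$result
    }
}

Test-WebClientMitigation | Format-Table -AutoSize
```

Hosts that report a failed query or a startup type other than Disabled should be followed up with `gpresult /r` on the machine to see whether the GPO is linked and applied.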
Both GPOs will have to be reverted when Microsoft releases an update that fixes the font parsing zero-day vulnerabilities.
Microsoft says it is working on a fix for the zero-day vulnerabilities and hints that it will arrive with the next Patch Tuesday release (on 14 April).