On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all the Windows computers. The list of affected computers includes the most-updated Windows 10 including the insider builds; Windows 8.1 and 8; Windows 7 which has reached its End of Life, and many versions of Windows Server. However, the vulnerability is a limited targeted attack which means it’s not that widespread and only a certain number of users can be affected — mainly those who deal with font files and the preview pane.
Microsoft has zeroed down the attack to two exploits in the Adobe Type Manager Library which the attackers are taking advantage of. Having said that, the sad part is that Microsoft will be releasing the security patch next month, most probably on April 14, 2020. So until then, you can take a series of actions by yourself which can fix Windows Zero-Day vulnerability on Windows 10 and 7 computers right now.
What is Windows Zero-Day Vulnerability (March 2020)?
As I said above, this attack corresponds to font parsing which leverages the two unpatched vulnerabilities currently available in the Adobe Type Manager Library. Microsoft said that it happens when “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.
To break it down, basically, when you download a font file, it shows a preview of the font either in thumbnail or in the preview pane. And that’s where Remote Code Execution takes place. Microsoft also suggests that the exploit may not only be limited to font files (OTF/TTF) but can be extended to specially crafted documents. Microsoft states that “there are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
To conclude, even if you just download a font file or a document, the attack can be executed without explicitly opening the file. It’s because the attackers are using Windows preview and thumbnail to exploit the vulnerability. So all we have to do is disable both preview pane and thumbnail feature on Windows Explorer and your PC will stop the execution at the host level. Also, as a precautionary measure, do not download files from unreliable sources or from dubious emails.
Having said all of that, keep in mind, Windows 7 users won’t receive the security patch next month as it has reached its End of Life. However, if you have enrolled for extended security updates (which comes at a cost) then you will receive the update next month. Nevertheless, I would recommend all users to follow the below guide to patch the Windows Zero-Day attack right now.
Fix Windows Zero-Day Vulnerability on Windows 10, 8.1, and 8
First of all, open the File Explorer and click on the “View” tab. After that, click on both “Preview pane” and “Details pane” to disable them.
Both the panes should not be highlighted. It should look like this after disabling both the features.
Next, under the same “View” tab, click on “Options” located at the top-right corner.
A small window will open up. Now, move to the “View” tab and enable the “Always show icons, never thumbnails” checkbox. It should appear on the top. Finally, click on the “Ok” button. Now, you have closed the doors for the Windows Zero-Day exploit to initiate an attack at the host level.
Fix Windows Zero-Day Vulnerability on Windows 7
Similar to Windows 10, we have to disable the preview pane on Windows 7. However, the steps are slightly different as Windows Explorer on Windows 7 has slightly different menus and sub-menus.
Open the File Explorer on Windows 7 and click on the “Organize” button located at the top-left corner. Here, click on the “Layout” menu and disable both the Details pane and Preview pane.
Secondly, under the same “Organize” menu, click on “Folder and search options“.
Now, move to the “View” tab and enable the checkbox for “Always show icons, never thumbnails” option. You are done. At least, at the host level, this should mitigate the Windows Zero-Day Vulnerability on Windows 7 PCs.
Disable the WebClient Service on Both Windows 10 and 7
Apart from disabling the preview pane, it’s also recommended to disable the WebClient service on both Windows 10 and 7 out of abundant caution. This will disable all the requests coming from Web Distributed Authoring and Versioning (WebDAV) system which will make your computer inaccessible to the attacker. However, keep in mind, it might also disrupt some apps from properly working which rely on the WebClient service.
First of all, press Windows and R keys at once to open the Run window. Here, type “services.msc” and hit enter.
Scroll down and look for the “WebClient” service. Right-click on it and select “Properties”.
Here, click on the “Stop” button to stop the service and then change the Startup type to “Disabled”. Now, click on the “Ok” button and restart your computer to make the changes.
Apart from this, Microsoft also recommends to rename the ATMFD.DLL file which further mitigates the zero-day vulnerability on Windows computers. You can read the detailed instructions from the second-half of the page. In case, you are unable to follow the steps, comment down below and we will help you out.
Patch Windows Zero-Day Attack on Windows 10 and 7 Right Now
So that was all about how to mitigate the risk and fix the zero-day vulnerability on Windows computers until Microsoft releases a security patch. Since the attack is being done through the preview pane, disabling the option should stop the attack altogether. I would recommend you to make the changes immediately just to be on the safer side. Also, share this article with other Windows users so that they can also protect their PC. Anyway, that is all from us. If you are facing any issue then comment down below and let us know.