On March 23, Microsoft released an advisory for two vulnerabilities in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Although the name of the ATM library came from an Adobe-developed tool, ATM Light, Microsoft included native support for the ATM fonts with the release of Windows Vista in 2007. These vulnerabilities therefore exist within Windows’ native integration for support of PostScript fonts.
Exploitation of these vulnerabilities could result in code execution on affected systems. Users are urged to implement Microsoft’s suggested workarounds to reduce risk until a patch is available.
Microsoft also states: “The threat is low for those systems running Windows 10 due to mitigations that were put in place with the first version released in 2015. Please see the mitigation section for details. Microsoft is not aware of any attacks against the Windows 10 platform. The possibility of remote code execution is negligible and elevation of privilege is not possible. We do not recommend that IT administrators running Windows 10 implement the workarounds described below.”
There are no known public proofs of concept available for these vulnerabilities at this time, but Microsoft notes it is aware of “limited targeted Windows 7 based attacks” exploiting these vulnerabilities in the wild.
Microsoft offers several workarounds, including disabling the Preview pane and Details pane in Windows Explorer, disabling the WebClient service, and renaming the Adobe Type Manager Font Driver DLL file (ATMFD.dll). For the full details on the workarounds and their impact, please review the Workarounds section of the advisory. Organizations should deploy those workarounds as necessary.
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. Tenable will release plugins once a patch is available from Microsoft; based on the wording in the FAQ section of Microsoft’s advisory, the patch is expected on April’s Patch Tuesday.
For more detailed technical information, please see our blog.
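To verify which of the workarounds listed above are actually in place on a pre-Windows 10 host, a read-only audit can report the WebClient service state and whether ATMFD.dll is still present under its original name. This is an added example, not code from Microsoft or Tenable; the function name and the two candidate directories are assumptions (take the exact file locations from the advisory), and the per-user Preview/Details pane setting is not checked.

```powershell
# Added example: read-only audit of two workarounds named in the post.
# Uses Get-WmiObject so it runs in Windows PowerShell 2.0+ (Windows 7 default).
# Run from a 64-bit PowerShell on 64-bit Windows so System32 is not redirected.
function Get-AtmfdWorkaroundStatus {   # hypothetical helper name
    $results = @()

    # Workaround: WebClient service disabled.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) {
        $detail = 'service not installed'
        $applied = $true
    } else {
        $detail = "StartMode=$($svc.StartMode), State=$($svc.State)"
        # Disabled but still running means the change has not taken effect yet.
        $applied = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    }
    $results += New-Object PSObject -Property @{
        Check = 'WebClient service disabled'; Applied = $applied; Detail = $detail
    }

    # Workaround: ATMFD.dll renamed.
    # ASSUMPTION: candidate directories; confirm the paths against the advisory.
    $dirs = @("$env:windir\System32", "$env:windir\SysWOW64")
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        $dll = Join-Path $dir 'ATMFD.dll'
        $present = Test-Path -LiteralPath $dll
        if ($present) { $detail = "still present: $dll" }
        else          { $detail = 'not found under original name' }
        $results += New-Object PSObject -Property @{
            Check   = "ATMFD.dll renamed or absent in $dir"
            Applied = (-not $present)
            Detail  = $detail
        }
    }
    $results
}

Get-AtmfdWorkaroundStatus |
    Select-Object Check, Applied, Detail |
    Format-Table -AutoSize
```

A row with `Applied` set to `False` marks a workaround that is missing on that host; whether it should be deployed there depends on the impact notes in the advisory's Workarounds section.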