ATM FONT MANAGER RISK

Most people do not use Adobe Type 1 fonts, as TrueType and OpenType superseded them long ago. All versions of Windows from Windows 7 upward are affected.

Evidently there is a new security hole in ATMFD.DLL, so it's advisable to rename this file until Redmond can fix the problem. Windows Server 2008 also had an issue with ATMFD.DLL, but this was patched in 2018.

The problem is that a crafted document could lead to remote code execution. Most likely this is due to object linking and embedding (OLE) security. OLE fonts have been used from Windows 3.0 onward. When Windows 3.1 began supporting TrueType, this expanded the ability for third-party fonts to be used. The fault is a website using a Type 1 font.

“For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities,” Microsoft said.

The next Windows update is not expected until April 14 unless Microsoft releases it out of band. Microsoft has released updates many times out of band. It is unusual for security issues to be published without being fixed already.

MITIGATION

For a fully patched Windows 10 x64, open an elevated command prompt and run:

cd "%windir%\system32" 
takeown.exe /f atmfd.dll 
icacls.exe atmfd.dll /save atmfd.dll.acl 
icacls.exe atmfd.dll /grant Administrators:(F) 
rename atmfd.dll x-atmfd.dll 
cd "%windir%\syswow64" 
takeown.exe /f atmfd.dll 
icacls.exe atmfd.dll /save atmfd.dll.acl 
icacls.exe atmfd.dll /grant Administrators:(F) 
rename atmfd.dll x-atmfd.dll

Reboot your system afterwards.
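
To confirm the rename took effect in both directories, here is a PowerShell check. It is an added example, not part of the original steps; the function name, parameter and state labels are made up for illustration.

```powershell
# Added example: report the state of the ATMFD.DLL rename mitigation.
# Get-AtmfdMitigationState and its state labels are hypothetical names.
# Run from 64-bit PowerShell: in a 32-bit process on 64-bit Windows,
# System32 is redirected to SysWOW64 and the real System32 is not seen.
function Get-AtmfdMitigationState {
    param(
        # Windows directory to inspect; defaults to the running system.
        [string]$WindowsRoot = $env:windir
    )

    foreach ($sub in 'System32', 'SysWOW64') {
        $dir = Join-Path $WindowsRoot $sub

        # SysWOW64 does not exist on 32-bit Windows; skip what is absent.
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        # File names are the ones used in the commands above.
        $live    = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll')     -PathType Leaf
        $renamed = Test-Path -LiteralPath (Join-Path $dir 'x-atmfd.dll')   -PathType Leaf
        $aclSave = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll.acl') -PathType Leaf

        # Both names present means the original file is back beside the renamed copy.
        if     ($live -and $renamed) { $state = 'Reintroduced' }
        elseif ($live)               { $state = 'NotMitigated' }
        elseif ($renamed)            { $state = 'Mitigated' }
        else                         { $state = 'DriverAbsent' }

        [pscustomobject]@{
            Directory = $dir
            State     = $state
            AclBackup = $aclSave   # saved ACL file from the icacls /save step
        }
    }
}

# This checks files on disk only; it does not show whether the reboot has happened.
Get-AtmfdMitigationState | Format-Table -AutoSize
```

Any row showing NotMitigated or Reintroduced means a copy of the file is still present under its original name in that directory.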

AMD FORUM

I posted this on the AMD forum only to have somebody copy my code, which is a violation of my copyright, and I posted a DMCA complaint. AMD removed all of the offending material and I removed my post and subsequent replies.

Many people copy web pages, which is not legal. A post is like a newspaper story, which belongs to the newspaper the journalist works for. Unfortunately it is not possible to block copying with this host.
