Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days


Sampei.Nihira

 

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-hackers-abusing-windows-adobe-library-zero-days/

Quote

 

To be clear and despite its name, this is *not* Adobe code. Microsoft was given the source code for ATM Light for inclusion in Windows 2000/XP. After that, Microsoft took 100% responsibility for maintaining the code.

— Rosyna Keller (@rosyna) March 23, 2020

 

As you can see it also affects Windows XP:

OnbD8Gfb_o.jpg

More info for mitigations:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

I recommend that users disable the WebClient service.

Black Viper also believes this about this service on Windows XP:

Quote

I have not found a reason to have this service running. I have a hunch that this is going to be required for Microsoft’s “.Net Software as a service.” For security reasons, I recommend for this service to be disabled. If some MS products, such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, try to enable this service to see if it is “required” for your configuration. Developers using WebDAV may also need this for remote connectivity.

which is therefore also disabled in the SAFE column:

http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/

Edited by Sampei.Nihira


@RainyShadow ;)

 

It may be interesting for uBO users to block third-party remote fonts:

Quote

*$font,third-party

If you want to allow third-party fonts for some specific sites you can add them by modifying the above filter:

Quote

*$font,third-party,domain=~example.com|~other.example.net|~different.example.org

 

https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts

It would be interesting to discuss whether this option is effective or not.

 

 

Edited by Sampei.Nihira

Thanks to 0patch we have some more info:

 

https://blog.0patch.com/2020/03/micropatching-unknown-0days-in-windows.html

I went to check the PFM files:

rwomOdoh_o.jpg

"open with Windows Font Viewer"

start - run - fonts - double click on a font and you will see the Windows font viewer.

No type of PFB file on my PC.
The MMM file type is considered a media file, and opened with Media Player.

So I created a new PFB file type that is opened with I.E.8, which on my PC is blocked by a NoVirusThanks OSArmor rule:

b16sDdO0_o.jpg

I also changed the PFM file type to open with I.E.8.

For now, the MMM file type remains unchanged.

 

Edited by Sampei.Nihira
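
The two settings discussed in this thread, the WebClient service state and which program opens PFM, PFB and MMM files, can be checked with a short script. This is an added example, not part of the original posts; it assumes Windows PowerShell 2.0 to 5.1, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumes Windows PowerShell 2.0-5.1; Get-WmiObject is absent from PowerShell 7.

function Get-WebClientStatus {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        # Service not installed: nothing to disable.
        return New-Object PSObject -Property @{
            Installed = $false; StartMode = $null; State = $null; Mitigated = $true }
    }
    New-Object PSObject -Property @{
        Installed = $true
        StartMode = $svc.StartMode   # Auto, Manual or Disabled
        State     = $svc.State       # Running, Stopped, ...
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }
}

function Get-OpenHandler {
    param([string]$Extension)
    # HKCR\<.ext> (default) names the file type; HKCR\<type>\shell\open\command
    # is the program started on double-click. Explorer's per-user "Open With"
    # choice is stored separately and is not read here.
    $progId = $null; $command = $null
    $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
    if (Test-Path -LiteralPath $extKey) {
        $progId = (Get-ItemProperty -LiteralPath $extKey).'(default)'
    }
    if ($progId) {
        $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $command = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
        }
    }
    New-Object PSObject -Property @{
        Extension = $Extension; ProgId = $progId; Command = $command }
}

function Disable-WebClient {
    # Changes the system; run from an administrator session.
    Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
    Set-Service -Name WebClient -StartupType Disabled
}

Get-WebClientStatus | Format-List Installed, StartMode, State, Mitigated
'.pfm', '.pfb', '.mmm' | ForEach-Object { Get-OpenHandler $_ } |
    Format-Table Extension, ProgId, Command -AutoSize
```

The script only reads settings when run as written; `Disable-WebClient` has to be called explicitly to stop and disable the service.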