Sampei.Nihira
Posted March 23, 2020

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-hackers-abusing-windows-adobe-library-zero-days/

Quote
To be clear and despite its name, this is *not* Adobe code. Microsoft was given the source code for ATM Light for inclusion in Windows 2000/XP. After that, Microsoft took 100% responsibility for maintaining the code.
— Rosyna Keller (@rosyna) March 23, 2020

As you can see it also affects Windows XP:

More info for mitigations:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

I recommend that users disable the WebClient service.
Black Viper also believes this about this service for Windows XP:

Quote
I have not found a reason to have this service running. I have a hunch that this is going to be required for Microsoft’s “.Net Software as a service.” For security reasons, I recommend for this service to be disabled. If some MS products, such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, try to enable this service to see if it is “required” for your configuration. Developers using WebDAV may also need this for remote connectivity.

which is therefore also disabled in the SAFE column:
http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/

Edited March 23, 2020 by Sampei.Nihira

RainyShadow
Posted March 23, 2020

Funny how this pops up just a couple days after I linked a page explaining this exploit here on MSFN, lol.
And it's 5 years after that page was published...

Edited March 23, 2020 by RainyShadow

Sampei.Nihira
Posted March 23, 2020

@RainyShadow

It may be interesting for UBO users to block third-party remote fonts:

Quote
*$font,third-party

If you want to allow third-party fonts for some specific sites you can add them by modifying the above filter:

Quote
*$font,third-party,domain=~example.com|~other.example.net|~different.example.org

https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts

It would be interesting to discuss whether this option is effective or not.

Edited March 23, 2020 by Sampei.Nihira
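
An added example, not part of the original posts and not uBlock Origin's own code: a simplified model of how the two filters quoted above decide whether a font request is blocked. It assumes the registrable domain is the last two hostname labels (uBlock Origin uses the Public Suffix List), and all hostnames below are constructed.

```javascript
// Simplified model of the two filters from the post (illustration only).
const FILTER_ALL = '*$font,third-party';
const FILTER_EXCEPT =
  '*$font,third-party,domain=~example.com|~other.example.net|~different.example.org';

// Assumption: registrable domain = last two labels (the real extension uses the PSL).
function baseDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// True when `hostname` equals `domain` or is a subdomain of it.
function hostMatches(hostname, domain) {
  return hostname === domain || hostname.endsWith('.' + domain);
}

// Split "*$opt1,opt2,domain=~a|~b" into pattern, resource types and domain lists.
function parseFilter(filter) {
  const [pattern, optionText = ''] = filter.split('$');
  const f = { pattern, types: [], thirdParty: false, include: [], exclude: [] };
  for (const opt of optionText.split(',').filter(Boolean)) {
    if (opt === 'third-party') f.thirdParty = true;
    else if (opt.startsWith('domain=')) {
      for (const d of opt.slice(7).split('|')) {
        if (d.startsWith('~')) f.exclude.push(d.slice(1)); // "~" = not on this site
        else f.include.push(d);
      }
    } else f.types.push(opt); // e.g. "font"
  }
  return f;
}

// Would a request of `resourceType` from `pageUrl` to `requestUrl` be blocked?
function isBlocked(filter, pageUrl, requestUrl, resourceType) {
  const f = parseFilter(filter);
  if (f.pattern !== '*') throw new Error('only the "*" pattern is modelled');
  const page = new URL(pageUrl).hostname;
  const target = new URL(requestUrl).hostname;
  if (f.types.length && !f.types.includes(resourceType)) return false;
  if (f.thirdParty && baseDomain(page) === baseDomain(target)) return false;
  if (f.exclude.some((d) => hostMatches(page, d))) return false; // exempted site
  if (f.include.length && !f.include.some((d) => hostMatches(page, d))) return false;
  return true;
}

// Constructed sample: a page on news.test loading a font from another site.
console.log(isBlocked(FILTER_ALL, 'https://news.test/', 'https://static.fontcdn.test/f.woff2', 'font'));
```

In this model, fonts served from the page's own site are still fetched, and the `domain=~…` entries exempt the listed sites and their subdomains.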

Sampei.Nihira
Posted March 28, 2020

Thanks to 0patch we have some more info:
https://blog.0patch.com/2020/03/micropatching-unknown-0days-in-windows.html

I went to check the PFM files: "open with Windows Font Viewer".
Start - Run - fonts - double click on a font and you will see the Windows Font Viewer.

No type of PFB file on my PC.
The MMM file type is considered a media file, and opened with Media Player.

So I created a new type of PFB file that is opened with I.E.8, which on my PC is blocked by a NoVirusThanks OSArmor rule:

Also changed the type of PFM file with I.E.8.
For now, the MMM file type remains unchanged.

Edited March 28, 2020 by Sampei.Nihira