Sampei.Nihira

Microsoft Warns of Hackers Abusing Windows Adobe Library Zero-Days


Posted (edited)

 

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-hackers-abusing-windows-adobe-library-zero-days/

Quote

 

To be clear and despite its name, this is *not* Adobe code. Microsoft was given the source code for ATM Light for inclusion in Windows 2000/XP. After that, Microsoft took 100% responsibility for maintaining the code.

— Rosyna Keller (@rosyna) March 23, 2020

 

As you can see it also affects Windows XP:

OnbD8Gfb_o.jpg

More info for mitigations:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

I recommend that users disable the WebClient service.

Black Viper also believes this about this service for Windows XP:

Quote

I have not found a reason to have this service running. I have a hunch that this is going to be required for Microsoft’s “.Net Software as a service.” For security reasons, I recommend for this service to be disabled. If some MS products, such as MSN Explorer, Media Player, NetMeeting or Messenger fail to provide a particular function, try to enable this service to see if it is “required” for your configuration. Developers using WebDAV may also need this for remote connectivity.

which is therefore also disabled in the SAFE column:

http://www.blackviper.com/service-configurations/black-vipers-windows-xp-x86-32-bit-service-pack-3-service-configurations/

Edited by Sampei.Nihira

Posted (edited)

@RainyShadow ;)

 

It may be interesting for UBO users to block third-party remote fonts:

Quote

*$font,third-party

If you want to allow third-party fonts for some specific sites you can add them by modifying the above filter:

Quote

*$font,third-party,domain=~example.com|~other.example.net|~different.example.org

 

https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts

It would be interesting to discuss whether this option is effective or not.

 

 

Edited by Sampei.Nihira
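Added example (not part of the original post and not uBlock Origin's own code): a simplified JavaScript model of how the two filters quoted above are evaluated, showing which font requests each one blocks. The hostnames are constructed, and treating the last two labels as the site's domain is an assumption; uBO itself uses the Public Suffix List.

```javascript
// Simplified model of uBlock Origin static-filter semantics for the two
// filters quoted in the post. Illustration only, not uBO's implementation.

// Assumption: registrable domain = last two labels. Real blockers use the
// Public Suffix List, so hosts under suffixes like co.uk are mis-grouped here.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse "*$font,third-party,domain=~a|~b" into its options.
function parseFilter(line) {
  const [pattern, optText = ''] = line.split('$');
  const f = { pattern, types: [], thirdParty: false, include: [], exclude: [] };
  for (const opt of optText.split(',').filter(Boolean)) {
    if (opt === 'third-party') f.thirdParty = true;
    else if (opt.startsWith('domain=')) {
      for (const d of opt.slice(7).split('|')) {
        (d.startsWith('~') ? f.exclude : f.include).push(d.replace(/^~/, ''));
      }
    } else f.types.push(opt);
  }
  return f;
}

// True when host equals the entry or is a subdomain of it.
const under = (host, d) => host === d || host.endsWith('.' + d);

// Decide whether a request made by a page is blocked by the filter.
function isBlocked(filterLine, pageHost, requestUrl, type) {
  const f = parseFilter(filterLine);
  if (f.pattern !== '*') throw new Error('only the "*" pattern is modelled');
  const reqHost = new URL(requestUrl).hostname;
  if (f.types.length && !f.types.includes(type)) return false;
  if (f.thirdParty && baseDomain(reqHost) === baseDomain(pageHost)) return false;
  if (f.exclude.some(d => under(pageHost, d))) return false;
  if (f.include.length && !f.include.some(d => under(pageHost, d))) return false;
  return true;
}

const BLOCK_ALL = '*$font,third-party';
const WITH_EXCEPTIONS =
  '*$font,third-party,domain=~example.com|~other.example.net|~different.example.org';
```

Note that `domain=` entries name the page being visited, not the host serving the font, so the exceptions restore third-party fonts only on those sites.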

Posted (edited)

Thanks to 0patch we have some more info:

 

https://blog.0patch.com/2020/03/micropatching-unknown-0days-in-windows.html

I went to check the PFM files:

rwomOdoh_o.jpg

"open with Windows Font Viewer"

start - run - fonts - double click on a font and you will see the Windows font viewer.

No type of PFB file on my PC.
The MMM file type is considered a media file, and opened with Media Player.

So I created a new type of PFB file that is opened with I.E.8, which on my PC is blocked by a NoVirusThanks OSArmor rule:

b16sDdO0_o.jpg

Also changed the type of PFM file with I.E.8.

For now, the MMM file type remains unchanged.

 

Edited by Sampei.Nihira
This topic is now closed to further replies.