
Should I apply the critical fix?


luweitest


21 minutes ago, XPHomeSP3 said:

P.S.  One more thing, what does "the specific 3D" mean?

 

It is "thread" written in a SMS or by a lazy person (I would think the latter, since it is not a SMS and no link to the specific thread where the other 2 personal mitigations are was given).

jaclaz



19 minutes ago, jaclaz said:

It is "thread" written in a SMS or by a lazy person (I would think the latter, since it is not a SMS and no link to the specific thread where the other 2 personal mitigations are was given).

jaclaz

The 3D to which I refer is written and therefore it is evident in the second post of this same 3D.


45 minutes ago, XPHomeSP3 said:

There's two reasons why:

1.  I read on the 0patch.com blog entry for March 26, 2020, entitled "Micropatching Unknown 0days in Windows Type 1 Font Parsing", that renaming the ATMFD.DLL file reliably blocks all remote and local attacks using these vulnerabilities.  The article specifically says, "This is the most effective mitigation, because it eliminates the vulnerable code."  As I understand it, your suggestions, while certainly effective, only block remote attacks.  Correct?
 
2.  I didn't realize that Windows XP didn't behave the same way as Windows 7 and Windows 10 do when renaming a protected file such as ATMFD.DLL.  In hindsight, I would not have done so if I had known this.

Knock on wood, I'm not experiencing any problems so far as a result of my actions, but I still don't have the answer to my questions:

1.  Am I still unprotected despite using the command prompt commands listed above to rename ATMFD.DLL in  Windows XP?

2.  How can I restore the ATMFD.DLL file to v.5.1.2.253 (the version it was before I renamed it and it subsequently auto-repaired)?

Thank you.

P.S.  One more thing, what does "the specific 3D" mean?

 

Disable the WebClient service = Works on all systems but won't mitigate the issue if you open a document with the vulnerable font class.

DisableATMFD registry key manually = Only works on older (before Windows 10) but completely mitigates the issue though can introduce usability issues in rare cases.

1) Yes.

2) I leave this question to someone who is more competent than me.

 


47 minutes ago, Sampei.Nihira said:

DisableATMFD registry key manually = Only works on older (before Windows 10) but completely mitigates the issue though can introduce usability issues in rare cases.

I'm not sure how many times I've read the 0patch blog post I referenced previously, but after re-reading it again I apparently glazed over this line:

"Renaming ATMFD.DLL or disabling ATMFD via registry makes the vulnerability unreachable even for a local attacker who has ability to execute low-privileged arbitrary code on the computer."

Personally, I'm not a fan of modifying the registry because I don't want to mistakenly cause serious damage.  For me, renaming the ATMFD.DLL file seemed like a less risky choice to do and then undo if necessary.

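A read-only way to check which of the three mitigations discussed in this thread (renaming ATMFD.DLL, the DisableATMFD registry value, disabling the WebClient service) is actually in effect on a machine. This is an added example, not part of any poster's message; the System32 location of the driver and the full registry path are assumptions taken from Microsoft's advisory for this issue, not from the thread.

```batch
@echo off
rem Added example, read-only: reports the state of the three mitigations
rem discussed in this thread. It changes nothing on the system.
rem Assumptions (not stated in the thread): the driver lives in
rem %SystemRoot%\System32, and DisableATMFD is a DWORD under REGKEY below.
setlocal
set "DLL=%SystemRoot%\System32\atmfd.dll"
set "REGKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

echo [1] ATMFD.DLL under its original name
if exist "%DLL%" (
    echo     PRESENT - the rename is not in effect, the driver can still load
) else (
    echo     ABSENT - no file with the original name
)
rem Show every *atmfd* file with size and date, so a renamed copy can be
rem told apart from a file that was put back after the rename.
dir "%SystemRoot%\System32\*atmfd*" 2>nul | find /i "atmfd"

echo [2] DisableATMFD registry value
set "VAL=not set"
for /f "tokens=3" %%v in ('reg query "%REGKEY%" /v DisableATMFD 2^>nul ^| find /i "DisableATMFD"') do set "VAL=%%v"
if /i "%VAL%"=="0x1" (
    echo     ENABLED - value is 0x1
) else (
    echo     NOT ENABLED - value is %VAL%
)

echo [3] WebClient service
sc query WebClient | find /i "RUNNING" >nul
if errorlevel 1 (
    echo     not running
) else (
    echo     RUNNING
)
rem START_TYPE shows whether the service is disabled or merely stopped.
sc qc WebClient | find /i "START_TYPE"
endlocal
```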
