SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, March 24th 2020


SANS ISC Handlers

Tech News, News


🗓️ 24 March 2020

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows Font Parsing 0-Day; Covid-19 Malware Summary; Firefox Turning TLS 1.0 Back on

Transcript


0:00.0

Hello, welcome to the Tuesday, March 24th, 2020 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida.

0:13.2

Well, with everything going on in the world, probably the last thing you need is a vulnerability in Microsoft Windows that's currently not patched and that is already

0:25.2

being exploited. That's exactly what Microsoft announced today. Now, the vulnerability is

0:32.7

a font parsing vulnerability. These font parsing vulnerabilities are quite common. There are probably

0:39.2

a couple being fixed each month at Patch Tuesday. This one in particular relates to the Type

0:46.3

1 font parsing and affects the Adobe Type Manager library or ATMFD.DLL. All current versions of Windows are affected back to Windows

0:59.7

7, 32 and 64 bits. Also, Windows Server 2008 and later is affected. So what can you do to mitigate this until a patch arrives?

1:13.6

Well, Microsoft offers a couple of workarounds.

1:16.6

The first one is just to disable the preview pane and details pane in Windows Explorer.

1:23.6

That's probably the easiest thing to do as a regular user because it just requires you to use some basic settings.

1:33.1

And now a bit more tricky is either disabling the web client service, which actually probably doesn't ultimately fix the problem, but reduces your attack surface somewhat.

1:45.3

And probably the best fix, but a little bit the trickiest one, is to rename ATMFD.DLL, the vulnerable

1:53.2

DLL. Now, a little bit about this. So renaming DLLs like this, I wouldn't normally recommend it.

2:02.1

It tends to have some unintended consequences because now essentially you can no longer

2:07.7

render any fonts that need to be rendered by this library.

2:12.5

However, DDA found that on recent Windows 10 systems, talking anything 18 or 04 and later, this DLL

2:23.5

often appears to be missing.

2:26.1

So maybe it's not really all that important.

2:28.9

I'll leave this up to you.

2:30.5

It's really too early to make a definite decision whether or not it's worthwhile deleting or renaming this DLL.

2:41.3

At this point, there is no public exploit for this vulnerability. It has been seen in targeted attacks.

2:49.0

Now, historically, these font parsing vulnerabilities, in particular as far as

...

