[Fix] Critical Font Vulnerability in Windows 7, 8/8.1 and Windows 10

On March 23, 2020, Microsoft published security advisory ADV200006 (Type 1 Font Parsing Remote Code Execution Vulnerability) about limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library.

The vulnerability is present in all Windows versions such as Windows 7, Windows 8/8.1, Windows 10, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019. It is found in all Windows editions and architectures such as 32-bit (x86), 64-bit (x64), ARM64 and Itanium-based.

Microsoft stated that two remote code execution vulnerabilities exist in these Windows versions when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font (Adobe Type 1 PostScript format).

There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Microsoft is aware of this vulnerability and working on a fix. But updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month.

So in the meantime, users need to mitigate these vulnerabilities manually by following the methods given in this article until the security update is released for all affected Windows versions.

A. Disable Preview Pane and Details Pane in Windows Explorer

Since an attacker could exploit the vulnerability when OTF fonts are previewed in the Preview Pane, the first thing you need to do is turn off the Preview Pane and Details Pane in Windows Explorer (also known as My Computer, This PC or File Explorer).

1. Open This PC or File Explorer from Desktop or using WIN+E hotkey.

2. Now disable the Preview Pane and Details Pane. You can quickly and easily disable the Preview Pane and Details Pane by pressing the ALT+P and ALT+SHIFT+P hotkeys respectively. Pressing these keys toggles the appearance of the Details Pane and Preview Pane, so press these hotkeys until both panes disappear.

Alternatively, you can also disable Details Pane and Preview Pane using “Organize -> Layout” menu or “Ribbon -> View” tab.

B. Disable Thumbnails View in Windows Explorer

1. Open This PC or File Explorer and open Folder Options (from Tools menu in Windows XP, from Organize menu in Windows 7, from Ribbon -> View in Windows 8/8.1 and Windows 10).

2. Go to View tab in Folder Options and enable “Always show icons, never thumbnails” option.

Apply changes and close Windows Explorer.

C. Disable WebClient Service

Disabling WebClient service will help protect all affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround it is still possible for remote attackers who successfully exploit this vulnerability to cause the system to run programs located on the targeted user’s computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

1. Press WIN+R keys together to launch the RUN dialog box, type services.msc and press Enter. It’ll open Services Manager.

2. Now scroll down and look for WebClient service.

3. Double-click on WebClient service to open its Properties window. Now set “Startup type” to “Disabled” from the drop-down box and apply changes.

Close Services Manager.

D. Rename ATMFD.DLL File

NOTE: The ATMFD.DLL file is not present in Windows 10 version 1709 and later, so you need to follow this method only for other Windows versions.

1. Open Command Prompt as Administrator using any method given in following tutorial:

[Guide] Different Ways to Open Command Prompt as Administrator in Windows

2. Now run following commands in Command Prompt:

cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

If you are using 64-bit (x64) edition of Windows, you’ll need to run following extra commands as well:

cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll

Close Command Prompt.

E. Disable ATMFD using Registry Editor

1. Press WIN+R keys together to launch RUN dialog box. Now type regedit and press Enter. It’ll open Registry Editor.

2. Now go to following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

3. In right-side pane, create a new DWORD DisableATMFD and set its value to 1

Close Registry Editor and restart your computer for the change to take effect.
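
To confirm that methods B to E are actually in place on a machine, their state can be read back with a script. The following is an added example, not part of the original article or of Microsoft's advisory; the function names New-Result and Get-FontWorkaroundStatus are hypothetical, and IconsOnly is the per-user registry value behind the "Always show icons, never thumbnails" option. It assumes Windows PowerShell 2.0 to 5.1 started as the native host (64-bit on x64), and it does not cover the Preview Pane and Details Pane from method A.

```powershell
# Added example: read-only audit of workarounds B-E. Changes nothing on the system.
# Assumes Windows PowerShell 2.0-5.1, started as the native (64-bit on x64) host.
function New-Result($Check, $Applied, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Applied = $Applied; Detail = $Detail } |
        Select-Object Check, Applied, Detail
}

function Get-FontWorkaroundStatus {
    # B. "Always show icons, never thumbnails" is stored per user as IconsOnly = 1.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $icons = (Get-ItemProperty -Path $adv -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
    New-Result 'B. Thumbnails off (current user)' ($icons -eq 1) "IconsOnly=$icons"

    # C. WebClient must have startup type Disabled and must not be running now.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($svc) {
        $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        New-Result 'C. WebClient disabled' $ok "StartMode=$($svc.StartMode); State=$($svc.State)"
    } else {
        New-Result 'C. WebClient disabled' $true 'service not installed'
    }

    # D. atmfd.dll renamed in system32 and, on x64, in syswow64 as well.
    $dirs = @("$env:windir\System32", "$env:windir\SysWOW64") | Where-Object { Test-Path $_ }
    foreach ($dir in $dirs) {
        $live    = Test-Path (Join-Path $dir 'atmfd.dll')
        $renamed = Test-Path (Join-Path $dir 'x-atmfd.dll')
        if ($live) { $detail = 'atmfd.dll still present' }
        elseif ($renamed) { $detail = 'renamed to x-atmfd.dll' }
        else { $detail = 'atmfd.dll not present' }
        New-Result "D. ATMFD.DLL renamed in $dir" (-not $live) $detail
    }

    # E. DisableATMFD DWORD = 1 (takes effect after a restart).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $val = (Get-ItemProperty -Path $key -Name DisableATMFD -ErrorAction SilentlyContinue).DisableATMFD
    New-Result 'E. DisableATMFD registry value' ($val -eq 1) "DisableATMFD=$val"
}

Get-FontWorkaroundStatus | Format-Table -AutoSize
```

A row with Applied = False names the method that still needs to be carried out; on Windows 10 version 1709 and later the D rows report that atmfd.dll is not present.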

That’s it. Very soon Microsoft will release an official patch or security update to fix this security vulnerability found in all Windows versions.

Published in: Windows 10, Windows 7, Windows 8

About the author: Vishal Gupta (also known as VG) has been awarded with Microsoft MVP (Most Valuable Professional) award. He holds Masters degree in Computer Applications (MCA). He has written several tech articles for popular newspapers and magazines and has also appeared in tech shows on various TV channels.

Comments

NOTE: Older comments have been removed to reduce database overhead.

  1. Dear Vishal Gupta

    I wonder a few things, as I have disabled remote access to my PC.
    Does this concern me nevertheless?

    Best Regards
    Peter Alexander London

    PS
    Stay healthy in these dark times

  2. You wrote: “…create a new DWORD DisableATMFD”

    In a 64-bit Windows version, should the new DWORD be a 32-bit Dword or a 64-bit Dword?

  3. ^^ New DWORD (32-bit).

    @Manny
    It should be available for Windows 7 as well.

    @Peter Alexander London
    I suggest implementing the fixes.

  4. @VG
    Thanks for your quick response.
    I just made the changes.
    My question now is, do I have to change it back manually after a patch has been delivered by MS?
    I bookmarked this page to remind me what I changed so I can eventually reset my PC by hand.

    Best regards
    Peter Alexander London

  5. ^^ No need to undo any changes. But you can if you want after installing the released patch.
