Vulnerabilities are in atmfd.dll: a kernel module presented by Home windows
All at present supported variations of Microsoft Home windows (server and desktop) are uncovered to two new distant code execution (RCE) vulnerabilities which are remaining actively exploited in the wild in “limited focused attacks” — and there’s no patch but.
The new Home windows 0days are in atmfd.dll: a kernel module that is presented by Home windows and which supplies guidance for OpenType fonts. (Though acknowledged, in total, as “Adobe Variety Supervisor Font Driver”, it is Microsoft’s code, not Adobe’s).
Protection gurus at France’s Orange Cyberdefense mentioned if atmfd.dll was not present on a machine (it is not, evidently, on all) then mitigation was unwanted. Computer Organization Review could not quickly ensure this. Mitigations are urgent.
Microsoft warned today of the flaws (foundation CVSS: 10) that “there are a number of ways an attacker could exploit