Unpatched Windows 7 vulnerability being used in targeted attacks

A serious vulnerability in Adobe Type Manager Library, a Windows DLL file used by numerous software applications, is being actively exploited, but so far only in a very limited way.

The vulnerability technically could affect all versions of Windows, but security features in current releases of Windows 10 seem to provide sufficient protection.

So far the attacks only seem to be targeting Windows 7 computers. Given that Windows 7 is no longer supported by Microsoft, we might expect that this bug would remain unpatched forever. But Microsoft has shown that it is willing to provide certain post-support Windows 7 security updates to the general public.

In any case, if you run Windows 7, the advice for fending off attacks using this vulnerability are basically the same as always: exercise extreme caution when opening suspicious documents. Even simply previewing an infected document in the Windows Explorer preview pane can allow a Windows 7 computer to be exploited remotely.

So the old advice about disabling preview panes remains valid. Any software that shows a preview of the contents of a file or email is in effect opening that file or email, which can trigger an embedded exploit on vulnerable computers. I strongly recommend disabling all such functionality, so that files and emails are never opened unintentionally, and to see the contents of files and emails, you must explicitly open them.

The related security advisory published by Microsoft also includes some workarounds, but these involve making changes to Windows that are themselves risky.

Given the wording of Microsoft’s bulletin, it seems likely that the NSA discovered this vulnerability and developed the exploit, which they are now using in their investigations. If that’s the case, the NSA may — in the post-EternalBlue/WannaCry world — have decided to inform Microsoft for the good of all.

In other words, for now you’re safe unless you’re the target of an NSA investigation. But it won’t be long until exploits attacking this vulnerability are in the hands of malicious actors.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.