Vulnerabilities are in atmfd.dll: a kernel module provided by Windows
All at this time supported versions of Microsoft Windows (server and desktop) are uncovered to two new remote code execution (RCE) vulnerabilities which are staying actively exploited in the wild in “limited targeted attacks” — and there’s no patch still.
The new Windows 0days are in atmfd.dll: a kernel module that is provided by Windows and which presents guidance for OpenType fonts. (Though recognized, in complete, as “Adobe Form Supervisor Font Driver”, it is Microsoft’s code, not Adobe’s).
Protection specialists at France’s Orange Cyberdefense stated if atmfd.dll was not current on a machine (it is not, evidently, on all) then mitigation was unneeded. Computer system Enterprise Assessment could not quickly validate this. Mitigations are urgent.
Microsoft warned these days of the flaws (foundation CVSS: 10) that “there are many strategies an attacker could exploit the vulnerability, this