Adobe Type Manager font library (atmfd.dll) used in Microsoft Windows has been reported to contain unpatched security vulnerabilities. These vulnerabilities exist in all current Windows versions including Windows Server versions.
There are already known exploits for these vulnerabilities. By exploiting the vulnerability attacker could achieve a possibility to execute remote code on the target system. An attack can be done for example by persuading the user to open a document containing the malicious code, or even viewing this document in preview mode.
Microsoft has not yet released a fix for the vulnerability but lists three possible workarounds in their Security Advisory: ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability:
- Disable Preview Pane and Details pane in Windows Explorer
- Disable WebClient service
- Rename ATMFD.DLL
The first two should work for all Windows versions, but they only limit the risk by disabling some attack vectors. Vulnerability still exists when opening a malicious document. The last one should work for older versions before Windows 10 and should eliminate the vulnerability.
Please note that Microsoft does not currently recommend implementing these workarounds on Windows 10 devices.
Implementing workarounds with Miradore
We have collected here sample implementations of the workarounds that can be deployed through Miradore (Enterprise subscription required).
General advice: When implementing any of the following packages, it is highly recommended to test them on a smaller group of devices including all the operating system versions. Make sure changing the settings won’t cause any unexpected implications on your device fleet.
How to add packages in Miradore
- Download the attached scripts to be run in package
- Open your Miradore Online site
- Move to Applications
- Add the application:
- Select Add > Windows application (see here for details)
- Select Advanced
- Define (at least):
- Media type: File upload
- Upload the attached file used in this particular package
- Check package specific settings below under each package
- Select Create.
- Test the package with a smaller device group before wider deployment.
Disable Preview Pane and Details pane in Windows Explorer
Disabling these panes requires configuring user-specific settings, i.e. settings defined separately for each user account on a computer, User-specific settings are not easy to configure remotely, especially if there are multiple users logging into one computer. User-specific settings can possibly be configured via Group Policies or login script.
Disable WebClient service
- Action: Stops and disables the WebClient service
- Script file: DisableWebClientSvc
- Package settings:
- Please note: File ATMFD.DLL is not present on Windows installations before Windows 10 version 1709.
- Action: If file “%windir%\system32\atmfd.dll” is found, takes the ownership of the file, updates file ACL and renames file as “x-atmfd.dll”
- Script file: RenameATMFD
- Package settings:
When Microsoft releases the fix for these vulnerabilities, you can use Miradore to install the patches to your Windows devices.