On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all Windows computers. The list of affected systems includes fully updated Windows 10, including the Insider builds; Windows 8.1 and 8; Windows 7, which has reached its End of Life; and many versions of Windows Server. However, the vulnerability is being used in limited, targeted attacks, which means it is not that widespread and only a certain number of users can be affected, mainly those who deal with font files and the preview pane.
As I said above, the attack targets font parsing and leverages two unpatched vulnerabilities currently present in the Adobe Type Manager Library. Microsoft said that it happens when “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.
To break it down: when you download a font file, Windows shows a preview of the font either as a thumbnail or in the preview pane, and that is where Remote Code Execution takes place. Microsoft also suggests that the exploit may not be limited to font files (OTF/TTF) but can be extended to specially crafted documents. Microsoft states that “there are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”
To conclude, even if you just download a font file or a document, the attack can be executed without explicitly opening the file, because the attackers are using the Windows preview and thumbnail features to exploit the vulnerability. So all we have to do is disable both the preview pane and the thumbnail feature in Windows Explorer, and your PC will stop the execution at the host level. Also, as a precautionary measure, do not download files from unreliable sources or from dubious emails.
Having said all of that, keep in mind that Windows 7 users won’t receive the security patch next month, as it has reached its End of Life. However, if you have enrolled for extended security updates (which come at a cost), then you will receive the update next month. Nevertheless, I would recommend all users follow the guide below to mitigate the Windows Zero-Day attack right now.
Fix Windows Zero-Day Vulnerability on Windows 10, 8.1, and 8
First of all, open the File Explorer and click on the “View” tab. After that, click on both “Preview pane” and “Details pane” to disable them.
After disabling both features, neither pane should be highlighted.
Next, under the same “View” tab, click on “Options”, located at the top-right corner.
A small window will open up. Now, move to the “View” tab and enable the “Always show icons, never thumbnails” checkbox. It should appear at the top. Finally, click on the “OK” button. Now, you have closed the doors for the Windows Zero-Day exploit to initiate an attack at the host level.
Similar to Windows 10, we have to disable the preview pane on Windows 7. However, the steps are slightly different as Windows Explorer on Windows 7 has slightly different menus and sub-menus.
Open the File Explorer on Windows 7 and click on the “Organize” button located at the top-left corner. Here, click on the “Layout” menu and disable both the Details pane and Preview pane.
Secondly, under the same “Organize” menu, click on “Folder and search options”.
Now, move to the “View” tab and enable the checkbox for the “Always show icons, never thumbnails” option. You are done. At least at the host level, this should mitigate the Windows Zero-Day Vulnerability on Windows 7 PCs.
Apart from disabling the preview pane, it’s also recommended to disable the WebClient service on both Windows 10 and 7 out of an abundance of caution. This will disable all requests coming through the Web Distributed Authoring and Versioning (WebDAV) system, which will make your computer inaccessible to the attacker. However, keep in mind that it might also prevent some apps that rely on the WebClient service from working properly.
First of all, press the Windows and R keys at once to open the Run window. Here, type “services.msc” and hit Enter.
Scroll down and look for the “WebClient” service. Right-click on it and select “Properties”.
Here, click on the “Stop” button to stop the service and then change the Startup type to “Disabled”. Now, click on the “OK” button and restart your computer to apply the changes.
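The thumbnail setting and the WebClient steps above can also be checked and applied from a script, which helps when several machines need the same change. The following is an added example, not part of the original article; it assumes Windows PowerShell 5.1, relies on the per-user IconsOnly registry value that backs the “Always show icons, never thumbnails” checkbox, and does not touch the Preview pane or Details pane toggles, which still have to be switched off in Explorer.

```powershell
# Added example: audit (default) or apply (-Apply) two of the mitigations above.
# Run as the affected user; -Apply needs an elevated prompt for the service change.
param([switch]$Apply)

# Per-user Explorer settings; IconsOnly = 1 means "Always show icons, never thumbnails"
$advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-MitigationState {
    $icons = (Get-ItemProperty -Path $advKey -Name IconsOnly `
                  -ErrorAction SilentlyContinue).IconsOnly
    # WebClient is not installed on every edition; report that instead of failing
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        User               = $env:USERNAME
        ThumbnailsDisabled = ($icons -eq 1)
        WebClientStatus    = if ($svc) { "$($svc.Status)" }    else { 'NotInstalled' }
        WebClientStartType = if ($svc) { "$($svc.StartType)" } else { 'NotInstalled' }
        # Service counts as mitigated when it is absent, or stopped and disabled
        WebClientMitigated = (-not $svc) -or
                             ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
    }
}

if ($Apply) {
    # Same effect as ticking the checkbox under Folder Options > View
    Set-ItemProperty -Path $advKey -Name IconsOnly -Value 1 -Type DWord

    if (Get-Service -Name WebClient -ErrorAction SilentlyContinue) {
        # Same effect as Stop + Startup type "Disabled" in services.msc
        Stop-Service -Name WebClient -Force
        Set-Service  -Name WebClient -StartupType Disabled
    }
}

# Always finish by reporting the resulting state
Get-MitigationState
```

Explorer reads the thumbnail setting at startup, so sign out or restart after applying, as the manual steps also require.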
Apart from this, Microsoft also recommends renaming the ATMFD.DLL file, which further mitigates the zero-day vulnerability on Windows computers. You can read the detailed instructions in the second half of the page. In case you are unable to follow the steps, comment down below and we will help you out.
So that was all about how to mitigate the risk and fix the zero-day vulnerability on Windows computers until Microsoft releases a security patch. Since the attack is being done through the preview pane, disabling the option should stop the attack altogether. I would recommend you make the changes immediately just to be on the safer side. Further, go through our article on the best Windows Malware Removal tool so your PC can detect harmful files then and there. Also, share this article with other Windows users so that they can also protect their PCs. Anyway, that is all from us. If you are facing any issue, then comment down below and let us know.