Ramblings of an old Doc
The fix/mitigation until there's an official fix
Published on March 26, 2020 By DrJBHL In Personal Computing

Seems as if all we do is about viruses, anymore, eh?

Well, there's a new zero day vulnerability in Windows and you really should fix it as you could end up infected with ransom ware as a result of its exploitation. MS has found two cases of that, and now that they have described the exploit, chances are much higher of getting hit by it. To get a good description of the problem, check the linked article. If you wish to read the original MS notification, it's here.

"On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all the Windows computers. The list of affected computers includes the most-updated Windows 10 including the insider builds; Windows 8.1 and 8; Windows 7 which has reached its End of Life, and many versions of Windows Server. However, the vulnerability is a limited targeted attack which means it’s not that widespread and only a certain number of users can be affected — mainly those who deal with font files and the preview pane.

Microsoft has zeroed down the attack to two exploits in the Adobe Type Manager Library which the attackers are taking advantage of. Having said that, the sad part is that Microsoft will be releasing the security patch next month, most probably on April 14, 2020. So until then, you can take a series of actions by yourself which can fix Windows Zero-Day vulnerability on Windows 10 and 7 computers right now."

I'm including a snip of the 'how to fix' article because I added how to deselect the two panels in Windows explorer...it's done with Alt+P, then proceed to the Options, etc.

(from Beebom linked article)

Don't forget to disable the Web client service (at the bottom of the linked article), and then to reboot.

And have a good weekend!


Comments
on Mar 26, 2020

Thanks Doc !  Just went through that list and it turns out my WebClient was already stopped, although not put in disable mode though.

Appreciate the post though, learned a little bit new things so that means ut been a good day !  

on Mar 26, 2020

on Mar 29, 2020

0Patch has come out with a novel and better block to this vulnerability. Also, those using Windows 7 should bookmark 0Patch's homepage.

on Mar 29, 2020

Shall have a squiz...

on Mar 30, 2020

Now all I need is for their email verification to work....and am yet to hear from support.

on Mar 30, 2020

Ah...support got back to me...am activated and it seems to be doing its job....will probably be a keeper...as it means I'll be 'safe' while keeping Win 7.

Apparently it works for XP too .....who'd a thunk it? ....

on Apr 02, 2020

I have a feeling this is gonna be the best thing since sliced bread.....

No need to feel 'nervous' about hanging on to Windows 7, not when 0patch puts you AHEAD of Win 10 user support/updates...

I KNOW this machine will be an absolute bastard to 'downgrade' to 10...so staying with 7 makes this proggy a goer...

on Apr 02, 2020


I have a feeling this is gonna be the best thing since sliced bread.....

No need to feel 'nervous' about hanging on to Windows 7, not when 0patch puts you AHEAD of Win 10 user support/updates...

I KNOW this machine will be an absolute bastard to 'downgrade' to 10...so staying with 7 makes this proggy a goer...

They don't intend to make a minipatch for W10, which sounds like bs to me, since the clowns at MS have told the hackers where a vulnerability exists. "We will likely not port the micropatch to Windows 10 and newer Servers as the risk from these vulnerabilities is much lower there."