On 23rd March, Microsoft acknowledged a zero-day vulnerability that affects all the Windows computers. The list of affected computers includes the most-updated Windows 10 including the insider builds; Windows 8.1 and 8; Windows 7 which has reached its End of Life, and many versions of Windows Server. However, the vulnerability is a limited targeted attack which means it’s not that widespread and only a certain number of users can be affected — mainly those who deal with font files and the preview pane.

As I said above, this attack corresponds to font parsing which leverages the two unpatched vulnerabilities currently available in the Adobe Type Manager Library. Microsoft said that it happens when “Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.

To conclude, even if you just download a font file or a document, the attack can be executed without explicitly opening the file. It’s because the attackers are using Windows preview and thumbnail to exploit the vulnerability. So all we have to do is disable both preview pane and thumbnail feature on Windows Explorer and your PC will stop the execution at the host level. Also, as a precautionary measure, do not download files from unreliable sources or from dubious emails.

  1. First of all, open the File Explorer and click on the “View” tab. After that, click on both “Preview pane” and “Details pane” to disable them.

Fix Windows Zero-Day Vulnerability on Windows 7

Similar to Windows 10, we have to disable the preview pane on Windows 7. However, the steps are slightly different as Windows Explorer on Windows 7 has slightly different menus and sub-menus.

  1. Now, move to the “View” tab and enable the checkbox for “Always show icons, never thumbnails” option. You are done. At least, at the host level, this should mitigate the Windows Zero-Day Vulnerability on Windows 7 PCs.

Apart from disabling the preview pane, it’s also recommended to disable the WebClient service on both Windows 10 and 7 out of abundant caution. This will disable all the requests coming from Web Distributed Authoring and Versioning (WebDAV) system which will make your computer inaccessible to the attacker. However, keep in mind, it might also disrupt some apps from properly working which rely on the WebClient service.

  1. Scroll down and look for the “WebClient” service. Right-click on it and select “Properties”.

Patch Windows Zero-Day Attack on Windows 10 and 7 Right Now