Microsoft says a full patch would only land next month

Mar 24, 2020 12:47 GMT  ·  By

Microsoft has recently acknowledged two zero-day vulnerabilities in Windows, confirming that it’s aware of attacks happening in the wild already.

More specifically, the font parsing remote code execution bugs in Windows are caused by the Adobe Type Manager Library, which Microsoft uses to render fonts in the operating system.

“Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format,” Microsoft says.

Despite attacks already happening in the wild, there’s no rush to patch the flaws, it seems, and Microsoft says a fix is likely to land next month. This means we might have to wait until April 14 when the next Patch Tuesday updates go live officially for all Windows users.

“Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers,” Microsoft says.

There are several ways to exploit the vulnerability; one of them is getting a user to open, or simply preview, a specially crafted document so that the Windows Explorer preview pane renders the malicious font.

So technically, the workaround comes down to this: disabling the preview pane and the details pane in File Explorer.

This workaround applies to all Windows versions, as File Explorer is offered as the pre-loaded file manager in the operating system. The steps, however, are a little different depending on the version of Windows that you run on the device.

File Explorer in Windows 10

Windows 10, Windows Server 2016, Windows Server 2019

Open File Explorer on the device and then follow these steps:

1. On the View tab, clear both Details pane and Preview pane.
2. Still on the View tab, click Options > Change folder and search options.
3. In the dialog, open the View tab and, under Advanced settings, check Always show icons, never thumbnails.

At this point the preview is disabled; relaunch File Explorer so the settings take effect.

Windows 8.1, Windows 7, older Windows Server versions

Nearly the same steps work here as well, with a small difference:

1. In File Explorer, click Organize > Layout and clear both Details pane and Preview pane.
2. Click Organize > Folder and search options.
3. Open the View tab and, under Advanced settings, check Always show icons, never thumbnails.

What you need to know is that once you make these changes, File Explorer will no longer display OTF fonts automatically, so you may want to revert them once a patch is published. To do this, follow the same steps and uncheck the last option.
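For administrators who have to apply the last step of the workaround above across many machines, here is an added PowerShell example (not from the article or from Microsoft) that sets the "Always show icons, never thumbnails" option through the registry, audits every loaded user profile, and reverts it once the patch is installed. It assumes that option is stored as the IconsOnly DWORD under the user's Explorer\Advanced key; the two pane toggles are left to the manual steps above.

```powershell
# Added example, not part of the article. Assumption: "Always show icons, never
# thumbnails" is persisted as the IconsOnly DWORD (1 = on, 0 = off) under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
$AdvancedSubKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Set-IconsOnlyWorkaround {
    # -Enable:$false reverts the change once the April patch is deployed.
    param([bool]$Enable = $true)
    $value = if ($Enable) { 1 } else { 0 }
    New-ItemProperty -Path "HKCU:\$AdvancedSubKey" -Name 'IconsOnly' `
        -PropertyType DWord -Value $value -Force | Out-Null
    # Explorer reads the setting at start-up; Windows 10 restarts it on its own,
    # on older versions run explorer.exe by hand afterwards.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
}

function Get-IconsOnlyStatus {
    # Audit all loaded user hives so a helpdesk task can confirm coverage,
    # skipping the *_Classes hives and built-in accounts (no S-1-5-21 prefix).
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    Get-ChildItem 'HKU:\' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $path = "HKU:\$($_.PSChildName)\$AdvancedSubKey"
            $v = (Get-ItemProperty -Path $path -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
            [pscustomobject]@{
                Sid               = $_.PSChildName
                IconsOnly         = $v
                WorkaroundApplied = ($v -eq 1)
            }
        }
}

Set-IconsOnlyWorkaround            # apply for the current user
Get-IconsOnlyStatus | Format-Table # report per loaded profile
# Set-IconsOnlyWorkaround -Enable:$false   # revert after patching
```

Profiles that are not logged in have no hive loaded under HKEY_USERS, so the audit only covers interactive or currently loaded users.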

“Disabling the Preview and Details panes in Windows Explorer prevents the automatic display of OTF fonts in Windows Explorer. While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability,” Microsoft explains.

The next Patch Tuesday, due on April 14, will most likely resolve the vulnerabilities in the supported Windows versions. That last point matters: Windows 7 is also vulnerable, but it no longer receives updates, so it will remain exposed to these attacks.

Windows 7 reached the end of support in January this year, so users still running it are recommended to switch to Windows 10 for security reasons. All Windows 10 versions will get cumulative updates on the next Patch Tuesday, albeit only the most recent are supported for home users.
