Windows Type 1 Font Parsing Remote Code Execution Vulnerability

Microsoft has warned the public that a Windows code-execution zero-day is under active exploitation. The vulnerability consists of two code-execution flaws that can be triggered by improper handling of maliciously crafted master fonts in the Adobe Type 1 PostScript format. Attackers can exploit them by convincing a target to open a specially crafted document or to view it in the Windows preview pane.


  • Due to the vulnerability, attackers can execute malicious code even on fully updated systems

Targeted Version

  • All Windows Servers
  • Windows 7, 8 and 10 (depending on version)


  • While waiting for the patch, Microsoft suggests that users of non-Windows 10 systems use one or more of the following workarounds:
    • Disabling the Preview Pane and Details Pane in Windows Explorer
    • Disabling the WebClient service
    • Renaming ATMFD.DLL (on Windows 10 systems that have a file by that name) or, alternatively, disabling the file from the registry
  • Update the operating system immediately once the patch is ready
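
A read-only PowerShell check for two of the workarounds listed above (the WebClient service and ATMFD.DLL), added here as an example and not taken from Microsoft's advisory. It assumes PowerShell 3.0 or later and that ATMFD.DLL, where present, sits in the Windows system directories; the function name is hypothetical.

```powershell
# Added audit example: reports the state of two workarounds from the list above.
# Read-only: it changes nothing on the system.
function Get-Type1FontWorkaroundStatus {
    [CmdletBinding()]
    param(
        # Assumption: ATMFD.DLL, where present, is in the system directories.
        [string[]]$FontDriverPaths = @(
            (Join-Path $env:windir 'System32\atmfd.dll'),
            (Join-Path $env:windir 'SysWOW64\atmfd.dll')
        )
    )

    # Workaround: disabling the WebClient service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" `
        -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $detail  = 'Service not installed'
        $applied = $true
    } else {
        $detail  = "StartMode=$($svc.StartMode), State=$($svc.State)"
        # A disabled service that is still running stays exposed until it stops.
        $applied = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }
    [pscustomobject]@{
        Workaround = 'WebClient service disabled'
        Applied    = $applied
        Detail     = $detail
    }

    # Workaround: renaming ATMFD.DLL (some Windows 10 versions have no such file).
    $present = @($FontDriverPaths |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })
    [pscustomobject]@{
        Workaround = 'ATMFD.DLL renamed or absent'
        Applied    = ($present.Count -eq 0)
        Detail     = if ($present.Count -gt 0) {
                         "Still present: $($present -join ', ')"
                     } else {
                         'No atmfd.dll found'
                     }
    }
}

Get-Type1FontWorkaroundStatus | Format-Table -AutoSize -Wrap
```

The Preview Pane and Details Pane settings are per-user Explorer options and are not covered by this check.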