International Cyber Expo International Cyber Expo
  • About Us
Thursday, 9 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Unpatched “Denial of Service” Vulnerability within Microsoft Windows – A Different Perspective

by The Gurus
May 11, 2017
in Editor's News
Share on FacebookShare on Twitter

By Kasper Lindgaard, Director of Research and Security, Secunia Research at Flexera Software

Recently, Secunia Research discovered a “Denial of Service” (DoS) vulnerability within Microsoft Windows. It is triggered through a stack exhaustion during the Type 1 font processing within the Adobe Type Manager Font Driver library (AMTFD.dll), which results in a crash of the Microsoft Windows operating system. The vulnerability is confirmed on a fully-patched Microsoft Windows 7 Professional running with AMTFD.dll version 5.1.2.251 and is triggered through a specially crafted Type 1 font file.
Exploitation vectors concerning font related vulnerabilities vary in Microsoft Windows driven systems, for example the Internet Explorer may provide a convenient way to exploit certain font type vulnerabilities if a victim browses a malicious Internet page. However, in the case of this vulnerability, it is triggered by viewing the contents of a directory on the file system or on a share through the Explorer, where the directory contains a specially crafted font file.
We reported the vulnerability on March 7, 2017 including a “Proof of Concept” (PoC) font file towards the vendor Microsoft to attempt a coordinated disclosure of the vulnerability and its fixes.
While the first part of the coordination went as usual and as expected, on April 10, 2017 the vendor Microsoft notified us that “[…] We have determined the issue is a local authenticated DoS without a remote attack vector. As such, it does not meet the bar for servicing down level. […]”.
We do not agree with the premise the vendor Microsoft presents and argue that a specially crafted Type 1 font file does not necessarily require the attacker to have a local authenticated user account as the effect of the font file may reach the victim through viewing a directory on a network share for example. Additionally, while a victim of course needs to view a directory containing a specially crafted font file, this action constitutes one of the most basic interactions a victim performs on a system running Microsoft Windows and doesn’t present an additional obstacle.
Such a font file may enter a corporate entity through various means, be it that it is actively downloaded from the Internet or saved from an email by an employee with access to a directory on a network share or that it ended up in such a directory through some form of automatic processing when extracting archives or similar. Thus, an attacker may not require direct access to such a network share that is accessible by the victim and as such the attacker would not even be considered a part of the same corporate entity as the victim. Regardless, the attacker position is considered “remote” and not “local” in these scenarios.
In the end, it is quite believable that such a font file will not be assessed as suspicious prior to it ending up in a directory, where just the view of the directory in the Explorer then triggers the crash of the Microsoft Windows operating system.
Naturally, we communicated our point of view to the vendor Microsoft to ultimately achieve a fix of the vulnerability for the benefit of Flexera Software’s and Microsoft’s customers. However, the initial statement of the vulnerability not meeting the bar for servicing down level has not been reverted by Microsoft so far.
As we received no indication from Microsoft concerning a fix of the vulnerability actively happening during the timeline outlined by our disclosure policy, we ultimately had to set the preliminary disclosure date for the vulnerability to April 24, 2017 – regardless of existence of a patch or not. We still presented the vendor Microsoft the opportunity to have the preliminary disclosure date adjusted, simply by Microsoft outlining a patch availability falling within the terms of our disclosure policy, but this offer was never met.
As consequence, we issued the Secunia Advisory SA75557 on April 24, 2017 and rated it as remotely exploitable and “Moderately Critical” with an “Unpatched” solution status to warn our customers about the vulnerability.
Of course, it is the prerogative of the vendor Microsoft to have a differing point of view, but we see it as our responsibility to warn our customers even in the absence of a patch, as in this case.

ShareTweet
Previous Post

DDoS attack knocks out major French news sites including Le Monde and Le Figaro

Next Post

Nearly two-thirds of UK consumers say experiencing a data leak/breach would likely make them leave a brand

Recent News

malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026
Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

July 8, 2026
Kirsty Fowler, WorkNest Secure

Next Gen Spotlights: Building a More Resilient Future – Q&A with WorkNest Secure

July 8, 2026
Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

July 7, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol