Font-Thumbnail Microsoft RCE 0-day
Two weeks ago we wrote about a bad Microsoft zero day exploit that has since been fixed. Microsoft released an out-of-band patch to address the issue in SMBv3.1.
Yesterday a new vulnerability, the Type 1 Font Parsing Remote Code Execution Vulnerability, was disclosed.
While a patch has not yet been released to fix this issue, there is a workaround that involves disabling thumbnail previews in Windows Explorer:
Make sure the “Always show icons, never thumbnails” box is checked. It is unchecked by default, so a thumbnail is rendered instead of a file icon, and that thumbnail rendering is the behaviour this exploit targets.
You could also address this issue via Group Policy. (Check out this handy site for more info on group policy: https://gpsearch.azurewebsites.net/). This GPO can automate the workaround in corporate environments, so have a look and make sure to apply it to all users, or use loopback processing so it applies to everyone who logs on to the affected machines:
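The following PowerShell is an added example written for this page; it is not the post author's script and not a Microsoft-provided tool. It applies the same "Always show icons, never thumbnails" workaround from the command line so it can be pushed to many machines, and it includes a check function so you can verify the state afterwards. The registry paths and value names (`IconsOnly` under the per-user Explorer `Advanced` key, and the `DisableThumbnails` policy value that the "Turn off the display of thumbnails and only display icons" GPO sets) are taken from general Windows knowledge, not from the page; confirm them against your own Windows build before deploying.

```powershell
# Added example, not from the original post.
# Assumed registry locations (from Windows knowledge, not from the page):
#   IconsOnly = 1          -> the "Always show icons, never thumbnails" checkbox
#                             (Folder Options > View) for the current user
#   DisableThumbnails = 1  -> value written by the GPO
#                             "Turn off the display of thumbnails and only display icons"
#                             (User Configuration > Administrative Templates >
#                              Windows Components > File Explorer)
$UserKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-ThumbnailWorkaroundState {
    # Report whether thumbnails are blocked for the current user, by either
    # the user preference or the policy value. Missing values read as $null.
    $iconsOnly = (Get-ItemProperty -Path $UserKey   -Name IconsOnly         -ErrorAction SilentlyContinue).IconsOnly
    $policy    = (Get-ItemProperty -Path $PolicyKey -Name DisableThumbnails -ErrorAction SilentlyContinue).DisableThumbnails
    [pscustomobject]@{
        IconsOnly          = $iconsOnly
        PolicyNoThumbnails = $policy
        ThumbnailsBlocked  = ($iconsOnly -eq 1) -or ($policy -eq 1)
    }
}

function Enable-IconsOnly {
    # Set the per-user checkbox; optionally also write the policy value so the
    # user cannot flip it back, and restart Explorer so the change takes effect.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$AlsoSetPolicy,
        [switch]$RestartExplorer
    )

    if ($PSCmdlet.ShouldProcess($UserKey, 'Set IconsOnly = 1')) {
        New-Item -Path $UserKey -Force | Out-Null
        Set-ItemProperty -Path $UserKey -Name IconsOnly -Value 1 -Type DWord
    }

    if ($AlsoSetPolicy -and $PSCmdlet.ShouldProcess($PolicyKey, 'Set DisableThumbnails = 1')) {
        New-Item -Path $PolicyKey -Force | Out-Null
        Set-ItemProperty -Path $PolicyKey -Name DisableThumbnails -Value 1 -Type DWord
    }

    if ($RestartExplorer -and $PSCmdlet.ShouldProcess('explorer.exe', 'Restart')) {
        # Explorer re-reads these values on start; it relaunches itself automatically.
        Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
    }

    Get-ThumbnailWorkaroundState
}

# Usage: preview what would change, then apply and verify.
Enable-IconsOnly -AlsoSetPolicy -WhatIf
Enable-IconsOnly -AlsoSetPolicy -RestartExplorer
Get-ThumbnailWorkaroundState | Format-List
```

Because both values live under HKCU, the script only changes the user running it; to cover every account on a shared machine, deploy it as a per-user logon script or let the GPO do the work and run `Get-ThumbnailWorkaroundState` as a compliance check once the policy has applied.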