Special font can get your computer hacked

Microsoft font vulnerability MS15-078
Help us grow. Share with your friends!

Microsoft font vulnerability MS15-078

A vulnerability has been detected recently in all Windows releases till date which allows remote code execution if the user loads a specially crafted font. The font in question comes from OpenType fonts library in Windows operating system. In order to keep your computer safe from possible attacks, Microsoft has released an update that should fix the flaw.

All you have to do is run Windows update and let it automatically download the security patch. Since, Remote code execution can eventually lead to total take over of your computer, the risk is considered to be severe. The news comes through the Microsoft’s Security Bulletin number MS15-078.

How can you be attacked?

We all open PDF documents on regular basis for all sorts of reasons. The Adobe Type manager library handles the openType fonts in Windows which is vulnerable to the attack in question. If a special font appears in the document, the library will allow remote code execution by allowing intruders in your system.

In other way, the attacker may ask or cause the user to visit certain web pages that contain the special font which can trigger the remote code execution backdoor for the intruder. The best way to protect yourself is to run Windows Update immediately.

If you prefer not to update your Windows operating system, there are registry manipulations that need to be done to fix the issue.

Fixing vulnerability

There is no real fix available as of yet. But there is a workaround which is being distributed through Windows Update. You can simply run a few lines of code in command prompt to fix the issue.

For 32 (x86) bit Windows:

For x64 Windows:

What these lines of code do is simply rename the file atmfd.dll to atmfd.dll.acl.

Now, restart your system immediately for the changes to take effect.

This may not work correctly on Windows 8 or later operating systems. So follow the below method:

  1. Open notepad and paste the following lines of code:
  2. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “DisableATMFD”=dword:00000001
  3. Save the file as “atmfd-disable.reg”.
  4.  Start –> Search for regedit.exe and open it
  5. Click on File and press Import.
  6. Select the file you just created “atmfd-disable.reg” and press Ok.

You can find more information about this vulnerability at official Microsoft page.

This security flaw came to light while digging through the hacked files of “Hacking Team” which was hacked just recently.
If you happen to be on Windows 10 you need not worry because automatic updates will have already fixed the flaw for you.


Salil is an electronics enthusiast working on various RF and Microwave systems. In his free time he writes on the blog, talks over ham radio or builds circuits. He has Yaesu FT2900R VHF transceiver, FT450D HF transceiver and a TYT UV8000E Handheld transceiver.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.