
How to protect yourself from recent critical flaws

Microsoft has just revealed the existence of two critical zero-day vulnerabilities in Windows 10, 8.1 and 7. Unfortunately, they are already actively used by hackers. To fall victim, it is enough to open a booby-trapped document or view it in the file explorer. The fix will not be available until April 14.

In the meantime, extra care should be taken with each document that you receive or download. It is also possible to limit the risk with a few adjustments to the operating system. The disadvantage is that they also remove functionality, but that is the price to pay.


1. Deactivate previews in the file explorer

The display of a thumbnail in the file explorer is enough to exploit this flaw. To avoid this, open the explorer, go to the View tab and deactivate the preview pane and the details pane.

Then click on Options and open the Folder Options window. In the View tab, check the box "Always show icons, never thumbnails". Finally, relaunch the explorer.

2. Deactivate the WebClient service

The WebClient service makes it possible to access file directories on the Internet via the WebDAV protocol. It is used in particular by cloud solution providers, such as ownCloud or Nextcloud. A hacker could use this protocol as an attack vector. Microsoft therefore advises deactivating it. To do this, type Services in the search bar and launch the eponymous application that Windows offers you. Find the WebClient service, right-click it and stop it. Finally, exit the Services application.

3. Rename ATMFD.DLL

For Windows 7, Windows 8.1 and the first versions of Windows 10, it is possible to deactivate the vulnerable library by renaming the corresponding DLL file. But beware, this requires typing command lines with administrator privileges, then restarting the system. It is therefore reserved for advanced users. For those who want to get started anyway, type cmd in the Windows search bar and open the Command Prompt application. Then type the following commands for a 64-bit system:

    cd "%windir%\system32"
    takeown.exe /f atmfd.dll
    icacls.exe atmfd.dll /save atmfd.dll.acl
    icacls.exe atmfd.dll /grant Administrators:(F)
    rename atmfd.dll x-atmfd.dll
    cd "%windir%\syswow64"
    takeown.exe /f atmfd.dll
    icacls.exe atmfd.dll /save atmfd.dll.acl
    icacls.exe atmfd.dll /grant Administrators:(F)
    rename atmfd.dll x-atmfd.dll

For a 32-bit system, it is a little shorter.

    cd "%windir%\system32"
    takeown.exe /f atmfd.dll
    icacls.exe atmfd.dll /save atmfd.dll.acl
    icacls.exe atmfd.dll /grant Administrators:(F)
    rename atmfd.dll x-atmfd.dll

4. Restore the original settings

Once the future patch is installed, don't forget to go back. It is quite easy for the file explorer and the service manager, since it suffices to reverse the steps. It is more complicated for the DLL file, because you have to type command lines with administrator privileges again.

For 64 bits:

    cd "%windir%\system32"
    rename x-atmfd.dll atmfd.dll
    icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
    icacls.exe . /restore atmfd.dll.acl
    cd "%windir%\syswow64"
    rename x-atmfd.dll atmfd.dll
    icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
    icacls.exe . /restore atmfd.dll.acl

For 32 bits:

    cd "%windir%\system32"
    rename x-atmfd.dll atmfd.dll
    icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
    icacls.exe . /restore atmfd.dll.acl
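
To confirm which of the workarounds from steps 1 to 3 are actually in place, here is a read-only PowerShell check, added as an example and not part of the original article or of Microsoft's guidance. The function name Get-AtmfdWorkaroundState is hypothetical; it assumes PowerShell 3.0 or later running as a 64-bit process on 64-bit Windows (a 32-bit process sees SysWOW64 under the name System32), and it reads the per-user IconsOnly registry value behind the "Always show icons, never thumbnails" box.

```powershell
# Added example: read-only audit of the workarounds from steps 1 to 3. Changes nothing.
function Get-AtmfdWorkaroundState {
    # Step 1: the "Always show icons, never thumbnails" box is stored per user
    # as IconsOnly = 1. Preview and details pane state is not checked here.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $iconsOnly = (Get-ItemProperty -Path $key -Name IconsOnly -ErrorAction SilentlyContinue).IconsOnly
    [pscustomobject]@{
        Check     = 'Explorer thumbnails (current user)'
        Mitigated = ($iconsOnly -eq 1)
        Detail    = "IconsOnly=$iconsOnly"
    }

    # Step 2: a stopped WebClient service whose start mode is still Manual or
    # Auto can start again on demand, so the start mode is reported as well.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    [pscustomobject]@{
        Check     = 'WebClient service'
        Mitigated = (-not $svc) -or ($svc.State -eq 'Stopped')
        Detail    = if ($svc) { "State=$($svc.State), StartMode=$($svc.StartMode)" } else { 'not installed' }
    }

    # Step 3: the DLL must no longer be loadable under its original name.
    # SysWOW64 exists only on 64-bit Windows; on Windows 10 versions that do
    # not ship atmfd.dll, both file checks simply report False.
    foreach ($dir in 'System32', 'SysWOW64') {
        $folder = Join-Path $env:windir $dir
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        $live    = Test-Path -LiteralPath (Join-Path $folder 'atmfd.dll')
        $renamed = Test-Path -LiteralPath (Join-Path $folder 'x-atmfd.dll')
        $aclSave = Test-Path -LiteralPath (Join-Path $folder 'atmfd.dll.acl')
        [pscustomobject]@{
            Check     = "atmfd.dll in $dir"
            Mitigated = -not $live
            Detail    = "atmfd.dll=$live, x-atmfd.dll=$renamed, saved ACL=$aclSave"
        }
    }
}

Get-AtmfdWorkaroundState | Format-Table -AutoSize
```

Run it once after applying the workarounds and again after step 4: once the original settings are restored, the DLL rows should show atmfd.dll=True and x-atmfd.dll=False on systems that ship the library.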