Microsoft Issues Emergency Risk Advisory on Type 1 Font Parsing Remote Code Execution Vulnerabilities

Published: 2020-03-24

Vulnerability ID and Severity


CVE ID: none assigned yet; Severity: Critical; CVSS score: not yet officially rated


Affected Versions


Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)


Vulnerability Overview


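On March 23, Microsoft published an emergency security advisory, ADV200006, stating that in-the-wild attacks are exploiting two remote code execution 0-day vulnerabilities in the Adobe Type Manager Library. Given the severity of the vulnerabilities, the advisory was released to guide users in reducing risk before a patch is available.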


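Both remote code execution vulnerabilities arise mainly because the Windows Adobe Type Manager Library does not correctly handle a specially crafted multi-master font in Adobe Type 1 PostScript format. After a user on a vulnerable computer opens a specially crafted document, or views it in the Windows Preview pane, an attacker may gain code execution on that host.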


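Microsoft is currently preparing patches for these vulnerabilities, which are expected to be released on next month's Patch Tuesday. For now, only mitigations are available.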


Vulnerability Verification


No PoC/EXP is available at this time.


Remediation Recommendations


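Microsoft has provided several temporary workarounds to mitigate the issue, including disabling the Preview pane and Details pane in Windows Explorer, disabling the WebClient service, and renaming the Adobe Type Manager font driver DLL file (ATMFD.dll). For details of the workarounds and their impact, see the "Workarounds" section of the Microsoft advisory.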
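
As an added example (not part of the original advisory or Microsoft's own tooling), the following read-only PowerShell script reports whether two of the workarounds above, the disabled WebClient service and the renamed ATMFD.dll, are in place on the local host. The function names and the `%windir%\System32` / `%windir%\SysWOW64` locations are assumptions of this example; the Preview and Details pane settings are per-user Explorer options and are not checked here.

```powershell
# Added example (not from Microsoft's advisory). Read-only; changes nothing.
# Assumptions: PowerShell 3.0+; ATMFD.dll normally sits in %windir%\System32
# (plus %windir%\SysWOW64 on 64-bit Windows).

function Get-WebClientCheck {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'WebClient service'; State = 'Not installed'; Mitigated = $true }
    }
    [pscustomobject]@{
        Check     = 'WebClient service'
        State     = "StartMode=$($svc.StartMode); State=$($svc.State)"
        # Mitigated only if it cannot be started on demand and is not running now.
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
    }
}

function Get-AtmfdCheck {
    $dirs = @()
    if ([Environment]::Is64BitOperatingSystem) {
        # A 32-bit process sees System32 redirected to SysWOW64; Sysnative reaches the real one.
        if ([Environment]::Is64BitProcess) { $dirs += "$env:windir\System32" }
        else { $dirs += "$env:windir\Sysnative" }
        $dirs += "$env:windir\SysWOW64"
    } else {
        $dirs += "$env:windir\System32"
    }
    foreach ($dir in $dirs) {
        $present = Test-Path -LiteralPath (Join-Path $dir 'atmfd.dll')
        [pscustomobject]@{
            Check     = "atmfd.dll in $dir"
            State     = $(if ($present) { 'Present' } else { 'Absent or renamed' })
            Mitigated = -not $present
        }
    }
}

$results = @(Get-WebClientCheck) + @(Get-AtmfdCheck)
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Mitigated }) {
    Write-Warning 'At least one ADV200006 workaround is not in place on this host.'
}
```

A service left at Manual start is reported as not mitigated, because it can still be started on demand.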


References


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006