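Microsoft Issues Emergency Risk Advisory for Type 1 Font Parsing Remote Code Execution Vulnerability
Published: 2020-03-24
Vulnerability ID and severity
CVE ID: none yet; severity: critical; CVSS score: not yet rated by the vendor
Affected versions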
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
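Vulnerability overview
On March 23, Microsoft published an emergency advisory, ADV200006, stating that in-the-wild attacks are using two remote code execution 0-day vulnerabilities in the Adobe Type Manager Library. Given the severity of the vulnerabilities, the advisory was published to guide users in reducing their risk before a patch is released.
Both remote code execution vulnerabilities arise because the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font in Adobe Type 1 PostScript format. When a user on a vulnerable computer opens a specially crafted document, or views it in the Windows Preview pane, the attacker may gain code execution on that host.
Microsoft is currently preparing patches for the vulnerabilities, which are expected to be released on next month's Patch Tuesday; for now only mitigations are available.
Vulnerability verification
No PoC/EXP is available yet.
Remediation recommendations
Microsoft has provided several temporary workarounds to mitigate the issue, including disabling the Preview pane and Details pane in Windows Explorer, disabling the WebClient service, and renaming the Adobe Type Manager font driver DLL file (ATMFD.dll). For details on the workarounds and their impact, see the "Workarounds" section of the Microsoft advisory.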
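To check whether two of these workarounds are in place on a host, the following PowerShell audit is an added example, not part of the Microsoft advisory or of the original notice. The function name Get-Adv200006WorkaroundStatus is hypothetical; the script assumes PowerShell 3.0 or later and that the font driver sits under %windir%\System32 (plus SysWOW64 on 64-bit systems). It does not inspect the Explorer Preview/Details pane setting.

```powershell
# Added example: read-only audit of the WebClient and ATMFD.dll workarounds.
# Nothing is changed on the host; the function only reports what it finds.
function Get-Adv200006WorkaroundStatus {
    [CmdletBinding()]
    param()

    # Workaround: disable the WebClient service.
    # It counts as applied only if the service cannot be started and is not running now.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $state = 'ServiceNotInstalled'
    } elseif ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running') {
        $state = 'Applied'
    } else {
        $state = "NotApplied (StartMode=$($svc.StartMode), State=$($svc.State))"
    }
    [pscustomobject]@{ Workaround = 'Disable WebClient service'; Target = 'WebClient'; Status = $state }

    # Workaround: rename ATMFD.dll.
    # A 32-bit PowerShell on a 64-bit OS is redirected from System32 to SysWOW64,
    # so use the Sysnative alias in that case to reach the real System32.
    $native = if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
        'Sysnative'
    } else {
        'System32'
    }
    $dirs = @(Join-Path $env:windir $native)
    if ([Environment]::Is64BitOperatingSystem) {
        $dirs += Join-Path $env:windir 'SysWOW64'
    }

    foreach ($dir in $dirs) {
        $path = Join-Path $dir 'atmfd.dll'
        # Absence means the file was renamed or this Windows build does not ship it.
        $state = if (Test-Path -LiteralPath $path -PathType Leaf) {
            'NotApplied (file present under original name)'
        } else {
            'FileAbsent (renamed or not shipped)'
        }
        [pscustomobject]@{ Workaround = 'Rename ATMFD.dll'; Target = $path; Status = $state }
    }
}

Get-Adv200006WorkaroundStatus | Format-Table -AutoSize -Wrap
```

Run it from an elevated or standard prompt on each host in scope; any row reporting NotApplied marks a workaround that still has to be put in place until the patch is installed.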
Reference links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006