Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
Image
Published : 24/03/2020
Reference:
Advisory #2020-008
Version:
1.0
Affected software:
Microsoft Windows - Adobe Type Manager Library
Type:
Remote Code Execution (RCE), Information Disclosure
Sources
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
https://www.zdnet.com/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/
https://www.helpnetsecurity.com/2020/03/23/windows-zero-days/
Risks
An attacker could exploit the vulnerability in multiple ways, including:
- Allowing attackers to run code on the user's system.
- Performing actions as a privileged user.
- Viewing the Windows Preview pane.
Description
There are 2 Remote Code Execution vulnerabilities present in the Adobe Type Manager Library (atmfd.dll), this library is used by Microsoft to render PostScript Type 1 fonts and is part of the default installation of Windows operating systems.
A patch is currently not available. However, Microsoft has released workarounds to mitigate the threat until patches are available.
Some of the mitigations include
- Disabling the Preview Pane and Details Pane in Windows Explorer.
- Disabling the WebClient Service
- Renaming the affected "atmfd.dll" file.
For an overview of the mitigations and their impact for each Windows OS version, please read the official advisory of Windows which can be found here.
Recommended Actions
Microsoft released an advisory for this vulnerability.
CERT.be recommends applying the mitigations and apply the patch a soon as possible once released (next patch Tuesday - 31/03/2020).