Microsoft Issues Emergency Advisory for Type 1 Font Parsing Remote Code Execution Vulnerabilities

2020-03-24 08:51:23
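Microsoft has published emergency security advisory ADV200006, which states that attacks in the wild are exploiting two remote code execution 0-day vulnerabilities in the Adobe Type Manager Library. Attackers can exploit them in several scenarios, for example by convincing a victim to open a specially crafted document in the Windows preview.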

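Vulnerability Background

Microsoft has published emergency security advisory ADV200006, which states that attacks in the wild are exploiting two remote code execution 0-day vulnerabilities in the Adobe Type Manager Library. Because the vulnerabilities are severe, the advisory was issued to guide users in reducing their risk until a patch is released.

Reportedly, both remote code execution vulnerabilities arise because the Windows Adobe Type Manager Library does not correctly handle specially crafted multi-master fonts in the Adobe Type 1 PostScript format. The vulnerabilities are rated severe, and Windows 7, which is no longer supported, is also affected.

Attackers can exploit them in several scenarios, for example by convincing a victim to open a specially crafted document in the Windows preview. Microsoft is currently preparing patches for the vulnerabilities, which are expected to be released on next month's Patch Tuesday; for now, only mitigation advice is available.

Tencent Security recommends that users follow research developments on these vulnerabilities closely and refer to the mitigations for protection.

[Affected Operating System Versions]

The vulnerabilities affect all 32-bit and 64-bit versions of Windows 7 through Windows 10 and the server operating systems. The full list is as follows: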

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

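Windows Server, version 1909 (Server Core installation)

[Mitigation Recommendations]

Microsoft offers several options in the advisory, and users can choose among them (see the reference link for details).

They mainly include:

1. Disable the Preview Pane and Details Pane in Windows Explorer

2. Disable the WebClient service

3. Rename ATMFD.DLL

Microsoft's emergency advisory describes the procedures and their impact in detail; users who need to respond urgently can refer to the official Microsoft link.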
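A host can be checked for the three workarounds listed above with a read-only audit. The PowerShell below is an added example, not code from the Microsoft or Tencent advisory; the function name `Get-Adv200006WorkaroundStatus` is hypothetical, and the preview pane check assumes the pane is turned off through the `NoReadingPane` Group Policy value rather than by hand in Explorer.

```powershell
# Added example (not from the advisory): read-only audit of the three workarounds.
# Run from a native Windows PowerShell session (64-bit on x64) so that
# System32 is not redirected to SysWOW64.
function Get-Adv200006WorkaroundStatus {
    # 1. Preview and details panes. Assumption: the panes are turned off through the
    #    "Turn off Preview Pane" Group Policy value NoReadingPane. Panes hidden by
    #    hand in the Explorer UI are not visible to this check and report $false.
    $policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $paneOff   = ($policy -ne $null) -and ($policy.NoReadingPane -eq 1)

    # 2. WebClient service: mitigated when not installed, or disabled and stopped.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($svc) {
        $webClientOff    = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
        $webClientDetail = "StartMode=$($svc.StartMode), State=$($svc.State)"
    } else {
        $webClientOff    = $true
        $webClientDetail = 'service not installed'
    }

    # 3. ATMFD.DLL: collect every copy that still carries its original name.
    $present = @()
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path (Join-Path $env:windir $dir) 'atmfd.dll'
        if (Test-Path -LiteralPath $path) { $present += $path }
    }

    # One object per host, so results can be collected and compared across machines.
    New-Object PSObject -Property @{
        ComputerName              = $env:COMPUTERNAME
        PreviewPanePolicyEnforced = $paneOff
        WebClientDisabled         = $webClientOff
        WebClientDetail           = $webClientDetail
        AtmfdRenamedOrAbsent      = ($present.Count -eq 0)
        AtmfdStillPresent         = ($present -join '; ')
    }
}

Get-Adv200006WorkaroundStatus | Format-List
```

A `$false` in any of the three boolean fields means that workaround is not in place on the host; whether it needs to be depends on which of the advisory's options the organization has chosen.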


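[Timeline]

2020-03-24 Microsoft publishes the emergency vulnerability advisory

2020-03-24 Tencent Security Threat Intelligence Center publishes its vulnerability advisory

[References]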

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006
