
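[Risk Advisory] Microsoft Type 1 Font Parsing Remote Code Execution Vulnerability

Published: 2020-03-25 00:00:00

Recently, the Kingsoft Cloud Security Emergency Response Center observed that Microsoft had released an urgent vulnerability advisory numbered ADV200006. The advisory covers two remote code execution vulnerabilities in the Adobe Type Manager Library. As of the release of this notice (2020.3.25), Microsoft has not yet published the corresponding security updates. Affected users are advised to follow the issue closely and apply hardening measures to avoid losses.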

Advisory ID

ADV200006

Vulnerability name

Microsoft Type 1 Font Parsing Remote Code Execution Vulnerability

Severity

High

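Vulnerability description

Both remote code execution vulnerabilities arise mainly because the Windows Adobe Type Manager Library does not correctly handle specially crafted multi-master fonts (Adobe Type 1 PostScript format). Windows 7, which is no longer supported, is also affected. An attacker can carry out the attack in several scenarios to achieve remote code execution, for example by inducing the victim to view a specially crafted document in the Windows Preview pane.

Affected versions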

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

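Windows Server, version 1909 (Server Core installation)

Remediation

Microsoft's advisory offers several mitigation options, and users can choose among them (for details, see the official advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006).

1. Disable the Preview Pane and Details Pane in Windows (once disabled, Windows Explorer will not automatically display OpenType fonts)

2. Disable the WebClient service (once disabled, the Web Distributed Authoring and Versioning client service is blocked)

3. Rename ATMFD.DLL (the file name of the Adobe Type Manager font driver)

Mitigation for 32-bit operating systems:

1. Enter the following commands at an administrative command prompt: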

cd "%windir%\system32"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

2. Restart the system.

Mitigation for 64-bit operating systems:

1. Enter the following commands at an administrative command prompt:

cd "%windir%\system32"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

cd "%windir%\syswow64"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

2. Restart the system.
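One way to confirm on a host that the rename and WebClient mitigations above are actually in place, as an added example that is not part of the original advisory or of Microsoft's guidance. It assumes Windows PowerShell 2.0 or later; the function name `Get-AtmfdState` and the state labels are made up for this example, and the Preview/Details pane setting is not checked.

```powershell
# Added example (not from the advisory): read-only audit of two mitigations above.
# Targets Windows PowerShell 2.0+ (uses Get-WmiObject); it changes nothing.

function Get-AtmfdState {
    param([string]$Directory)
    $original = Join-Path $Directory 'atmfd.dll'
    $renamed  = Join-Path $Directory 'x-atmfd.dll'    # name used by the rename step
    $aclSave  = Join-Path $Directory 'atmfd.dll.acl'  # written by icacls /save

    if (Test-Path -LiteralPath $original) {
        $state = 'NotMitigated'        # file still present under its original name
    } elseif (Test-Path -LiteralPath $renamed) {
        $state = 'Renamed'
    } else {
        $state = 'DriverNotPresent'    # neither file exists in this directory
    }
    New-Object PSObject -Property @{
        Directory = $Directory
        State     = $state
        AclBackup = (Test-Path -LiteralPath $aclSave)  # needed to restore the ACL later
    }
}

# A 32-bit PowerShell on a 64-bit OS sees SysWOW64 when it opens System32,
# so reach the native directory through the Sysnative alias in that case.
if ($env:PROCESSOR_ARCHITEW6432) {
    $native = Join-Path $env:windir 'Sysnative'
} else {
    $native = Join-Path $env:windir 'System32'
}
$dirs  = @($native)
$wow64 = Join-Path $env:windir 'SysWOW64'
if (Test-Path -LiteralPath $wow64) { $dirs += $wow64 }   # exists on 64-bit systems only

$dirs | ForEach-Object { Get-AtmfdState -Directory $_ } |
    Select-Object Directory, State, AclBackup | Format-Table -AutoSize

# WebClient mitigation: the service should be Disabled and not running.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
if ($svc) {
    $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
    "WebClient: StartMode={0} State={1} Mitigated={2}" -f $svc.StartMode, $svc.State, $ok
} else {
    "WebClient: service not installed"
}
```

A `Renamed` result only shows that the file was renamed; it does not show that the system has been restarted since, which the procedure requires.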

 

References

https://fortiguard.com/encyclopedia/ips/48773

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006

Beijing Kingsoft Cloud Network Technology Co., Ltd.

2020/03/25

