===========================================================================
AUSCERT Security Bulletin

ASB-2020.0066.2
Critical RCE in Windows' Adobe Type Manager Library (ATMFD) announced out of cycle
25 March 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Windows 10
                      Windows 7
                      Windows 8.1
                      Windows RT 8.1
                      Windows Server 2008
                      Windows Server 2012
                      Windows Server 2016
                      Windows Server 2019
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Mitigation
Member content until: Thursday, April 23 2020

Revision History:     March 25 2020: Added MS note - mitigation not recommended on Windows 10
                      March 24 2020: Initial Release

OVERVIEW

Microsoft has published information about a critical vulnerability in
Windows, in the Windows Adobe Type Manager Library, enabling remote code
execution when viewing a file containing crafted fonts.

Microsoft advises that there are "limited targeted attacks" in the wild,
exploiting this vulnerability.

Microsoft are working on an out-of-band patch, but for now only mitigation
steps are available.

UPDATE: Microsoft is not aware of any attacks against the Windows 10
platform and does not recommend implementing the provided workarounds on
Windows 10. [1]

IMPACT

Microsoft advises:

"Two remote code execution vulnerabilities exist in Microsoft Windows when
the Windows Adobe Type Manager Library improperly handles a
specially-crafted multi-master font - Adobe Type 1 PostScript format."

"There are multiple ways an attacker can exploit the vulnerability, such as
convincing a user to open a specially crafted document or viewing it in the
Windows Preview pane." [1]

MITIGATION

"Microsoft is aware of this vulnerability and working on a fix." [1]

This fix will likely be released before the next Patch Tuesday, which is
scheduled for April 14th.

In the meantime, Microsoft has published mitigation instructions which
involve disabling affected features in the Windows Explorer file browser,
disabling the WebClient service, and optionally disabling the whole Adobe
Type Manager Font Driver (ATMFD) DLL. [1]

REFERENCES

[1] Windows: Type 1 Font Parsing Remote Code Execution Vulnerability
    https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================