Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability
Sources
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
https://www.zdnet.com/article/microsoft-warns-of-windows-zero-day-exploited-in-the-wild/
https://www.helpnetsecurity.com/2020/03/23/windows-zero-days/
Risks
An attacker could exploit the vulnerability in multiple ways, including:
- Allowing attackers to run code on the user's system.
- Performing actions as a privileged user.
- Viewing the Windows Preview pane.
Description
There are 2 remote code execution vulnerabilities in the Adobe Type Manager Library (atmfd.dll). Microsoft uses this library to render PostScript Type 1 fonts, and it is part of the default installation of Windows operating systems.
A patch is currently not available. However, Microsoft has released workarounds to mitigate the threat until patches are available.
Some of the mitigations include:
- Disabling the Preview Pane and Details Pane in Windows Explorer.
- Disabling the WebClient Service.
- Renaming the affected "atmfd.dll" file.
For an overview of the mitigations and their impact for each Windows OS version, please read the official Microsoft advisory (ADV200006), linked under Sources.
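A read-only way to audit two of the workarounds listed above (the WebClient service and atmfd.dll) on a host, as an added example that is not part of the advisory or of Microsoft's guidance. The System32/SysWOW64 locations are an assumption, the function names are hypothetical, and the per-user Preview Pane and Details Pane setting is not checked.

```powershell
# Added example: read-only audit of two workarounds from the advisory.
# Assumption: atmfd.dll, where present, is in %windir%\System32 and, on
# 64-bit Windows, %windir%\SysWOW64. Run from a 64-bit PowerShell session,
# otherwise file-system redirection makes both paths resolve to SysWOW64.

function Get-WebClientMitigation {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        # Service not installed on this host: nothing to disable.
        return [pscustomobject]@{
            Check = 'WebClient service'; Mitigated = $true; Detail = 'not installed'
        }
    }
    [pscustomobject]@{
        Check     = 'WebClient service'
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
        Detail    = "StartMode=$($svc.StartMode), State=$($svc.State)"
    }
}

function Get-AtmfdMitigation {
    foreach ($dir in 'System32', 'SysWOW64') {
        $folder = Join-Path $env:windir $dir
        if (-not (Test-Path -LiteralPath $folder -PathType Container)) { continue }
        $present = Test-Path -LiteralPath (Join-Path $folder 'atmfd.dll') -PathType Leaf
        $detail = if ($present) { 'present under its original name' } else { 'absent or renamed' }
        [pscustomobject]@{
            Check     = "atmfd.dll in $dir"
            Mitigated = -not $present
            Detail    = $detail
        }
    }
}

$results = @(Get-WebClientMitigation) + @(Get-AtmfdMitigation)
$results | Format-Table -AutoSize

# When saved and run as a script, a non-zero exit code lets a management
# tool flag hosts where a workaround is still outstanding.
if ($results | Where-Object { -not $_.Mitigated }) { exit 1 } else { exit 0 }
```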
Recommended Actions
Microsoft released an advisory for this vulnerability.
CERT.be recommends applying the mitigations and applying the patch as soon as possible once it is released (next Patch Tuesday - 31/03/2020).