
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN164
_____________________________________________________________________

DATE                : 25/03/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows running the Windows Adobe Type Manager library.

=====================================================================
https://kb.cert.org/vuls/id/354840/
_____________________________________________________________________


Microsoft Windows Type 1 font parsing remote code execution vulnerabilities

Vulnerability Note VU#354840

Original Release Date: 2020-03-23 | Last Revised: 2020-03-24


Overview

Microsoft Windows contains two vulnerabilities in the parsing of Adobe
Type 1 fonts, which may allow a remote, unauthenticated attacker to
execute arbitrary code on a vulnerable system.


Description

Adobe Type Manager, implemented in atmfd.dll, is a kernel module
supplied with Windows that provides support for OpenType fonts. Two
vulnerabilities in the Microsoft Windows Adobe Type Manager library may
allow an unauthenticated remote attacker to execute arbitrary code on a
vulnerable system. This vulnerability affects all supported versions of
Windows, as well as Windows 7. This vulnerability is being exploited in
the wild.


Impact

By causing a Windows system to open a specially crafted document or view
it in the Windows preview pane, an unauthenticated remote attacker may
be able to execute arbitrary code with kernel privileges on a vulnerable
system. Windows 10 based operating systems would execute the code with
limited privileges, in an AppContainer sandbox.


Solution

The CERT/CC is currently unaware of a practical solution to this
problem. Please consider the following workarounds that are listed
in Microsoft Security Advisory ADV200006:

Rename ATMFD.DLL

This mitigation appears to be the most effective workaround for this
vulnerability, as it blocks the vulnerable code from being used by
Windows. Please see Microsoft Security Advisory ADV200006 for more
details. Because supported Windows 10 versions do not use ATMFD.DLL,
this mitigation is not applicable to them.

Disable the preview pane and details pane in Windows Explorer

Please see Microsoft Security Advisory ADV200006 for more details.

Disable the WebClient service

Please see Microsoft Security Advisory ADV200006 for more details.
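
The following audit script is an added example, not part of the CERT/CC
note or of Microsoft's advisory. It reports whether the "Rename ATMFD.DLL"
and "Disable the WebClient service" workarounds are in effect on a host.
The function name and the two system directories checked are assumptions;
the preview pane setting is not checked.

```powershell
# Added example (Windows PowerShell 2.0 or later, run from a 64-bit console
# on 64-bit systems so that System32 is not redirected).
# Assumption: the library, when present, sits in the system directories below.
function Get-AtmfdWorkaroundStatus {
    # Workaround "Rename ATMFD.DLL": the original file name should no longer exist.
    $found = @()
    foreach ($dir in @("$env:windir\System32", "$env:windir\SysWOW64")) {
        $path = Join-Path $dir 'atmfd.dll'
        if (Test-Path -LiteralPath $path) { $found += $path }
    }

    # Workaround "Disable the WebClient service": start mode should be Disabled.
    # Get-WmiObject is used because it also works on Windows 7 defaults.
    $mode  = 'NotInstalled'
    $state = 'NotInstalled'
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if ($svc) {
        $mode  = $svc.StartMode   # Auto, Manual or Disabled
        $state = $svc.State       # Running, Stopped, ...
    }

    $webClientOk = ($mode -eq 'Disabled') -or ($mode -eq 'NotInstalled')

    New-Object PSObject -Property @{
        ComputerName       = $env:COMPUTERNAME
        AtmfdPaths         = ($found -join ';')
        AtmfdMitigated     = ($found.Count -eq 0)
        WebClientStartMode = $mode
        WebClientState     = $state
        WebClientMitigated = $webClientOk
    }
}

# Print the result for the local host; a host is fully covered by these two
# workarounds only when both *Mitigated fields are True.
Get-AtmfdWorkaroundStatus | Format-List
```

A WebClient service that is set to Disabled but still shows Running stays
active until it is stopped or the host is rebooted.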



Notified:  March 23, 2020 Updated:  March 23, 2020


Status

  Affected


Vendor Statement

No statement is currently available from the vendor regarding this
vulnerability.


Vendor Information

We are not aware of further vendor information regarding this
vulnerability.


Vendor References


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006


CVSS Metrics

Group           Score   Vector
Base            10      AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal        9       E:F/RL:W/RC:C
Environmental   9.0     CDP:ND/TD:H/CR:ND/IR:ND/AR:ND


References


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006

https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation


Acknowledgements

This document was written by Will Dormann.


Other Information

CVE IDs:                None
Date Public:            2020-03-23
Date First Published:   2020-03-23
Date Last Updated:      2020-03-24 17:36 UTC
Document Revision:      20


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================


