Multiple Vulnerabilities in Microsoft Windows Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2020-041

DATE(S) ISSUED:

03/23/2020

OVERVIEW:

Multiple vulnerabilities have been discovered in the Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system. Adobe Type Manager Library is a font management library that handles various font files such as OpenType, PostScript and TrueType. Depending on the privileges associated with the affected user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Successful exploitation of these vulnerabilities could allow the attacker to execute remote code on the affected system.

THREAT INTELLIGENCE:

As per Microsoft, there are currently limited targeted attacks against Adobe Type Manager Library.

SYSTEMS AFFECTED:

  • Windows 7, 8.1, RT 8.1, 10
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 (Server Core installation)

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: HIGH

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in the Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted font file or to view it in the Windows Preview pane. Successful exploitation of these vulnerabilities could allow the attacker to execute remote code on the affected system. Depending on the privileges associated with the affected user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply the interim mitigation provided by Microsoft after appropriate testing. When available, update Windows to the latest version after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the Principle of Least Privilege to all systems and services.
