近日�,金山云安全應(yīng)急響應(yīng)中心監(jiān)控到微軟公司發(fā)布了一份編號為ADV200006的緊急漏洞通告�,通告涉及Adobe Type Manager Library中的兩個遠(yuǎn)程代碼執(zhí)行漏洞,截止本通告發(fā)出(2020.3.25)微軟官方尚未發(fā)布相關(guān)安全更新�,建議受影響的用戶及時關(guān)注并采取安全措施進(jìn)行加固,避免損失����。
通告編號
ADV200006
漏洞名稱
微軟Type 1字體解析遠(yuǎn)程代碼執(zhí)行漏洞
漏洞危害等級
高危
漏洞描述
這兩個遠(yuǎn)程代碼執(zhí)行漏洞的原因主要是Windows Adobe Type Manager Library 沒有正確處理特殊構(gòu)造的多重母版字體(Adobe Type1 PostScript格式),已停止服務(wù)的WIN7系統(tǒng)也受到影響�。攻擊者可通過多種場景實施攻擊,實現(xiàn)遠(yuǎn)程代碼執(zhí)行�,比如誘導(dǎo)受害者在Windows的預(yù)覽中訪問一個特殊構(gòu)造的文檔。
影響版本
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
修復(fù)方案
微軟在通告中提供了多種緩解方法的選擇��,用戶可以自行選擇(具體參見官方鏈接:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006)。
1����、在Windows中禁用預(yù)覽窗格和詳細(xì)信息窗格(禁用后,Windows資源管理器將不會自動顯示OpenType字體)
2�����、禁用WebClient服務(wù)(禁用后�����,將阻止Web分布式創(chuàng)作和版本控制客戶端服務(wù))
3����、重命名ATMFD.DLL(Adobe Type Manager字體驅(qū)動程序的文件名)
32位操作系統(tǒng)緩解方法:
1.在管理命令提示符處輸入以下命令:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
2.重新啟動系統(tǒng)。
64位操作系統(tǒng)緩解方法:
1.在管理命令提示符處輸入以下命令:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
2.重新啟動系統(tǒng)�。
參考鏈接
https://fortiguard.com/encyclopedia/ips/48773
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006
北京金山云網(wǎng)絡(luò)技術(shù)有限公司
2020/03/25