Shulou(Shulou.com)06/01 Report--

Type 1 font parsing remote code execution vulnerability notice is how, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

0x00 vulnerability background

Recently, 360-CERT detected that Microsoft had issued an emergency vulnerability notice numbered ADV200006, which said that two remote code execution 0Day vulnerabilities located in Adobe Type Manager Library had been used in an out-of-the-field attack. In view of the serious vulnerability, the notice was issued to guide users to avoid risks before the patch was released.

It is reported that the main reason for these two remote code execution vulnerabilities is that Windows Adobe Type Manager Library does not correctly handle specially constructed multiple master fonts-Adobe Type1 PostScript format, the vulnerability assessment is serious, and the discontinued WIN7 is also affected by the vulnerability.

Attackers can carry out attacks through a variety of scenarios, such as persuading the victim to access a specially constructed document in a preview of the Windows.

Microsoft is currently preparing bug-related patches, which are expected to be released next month and will only provide mitigation for the time being.

360-CERT advises users to follow Microsoft's progress in fixing the vulnerability, and emergency users can refer to the corresponding mitigation plan first.

0x01 affected version

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows 8.1 for 32-bit systems

Windows 8.1 for x64-based systems

Windows RT 8.1

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for Itanium-Based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

0x02 mitigation recommendations

Microsoft offers a variety of options in the announcement, which users can choose (see the reference link for details). Here, we mainly recommend the way to rename the ATMFD.DLL file (it is also recommended that users install 360 security guards for active defense).

32-bit operating system mitigation:

Enter at the command line of administrator permissions

Cd "% windir%\ system32"

Takeown.exe / f atmfd.dll

Icacls.exe atmfd.dll / save atmfd.dll.acl

Icacls.exe atmfd.dll / grant Administrators: (F)

Rename atmfd.dll x-atmfd.dll

Restart the system

64-bit operating system mitigation:

Enter at the command line of administrator permissions

Cd "% windir%\ system32"

Takeown.exe / f atmfd.dll

Icacls.exe atmfd.dll / save atmfd.dll.acl

Icacls.exe atmfd.dll / grant Administrators: (F)

Rename atmfd.dll x-atmfd.dll

Cd "% windir%\ syswow64"

Takeown.exe / f atmfd.dll

Icacls.exe atmfd.dll / save atmfd.dll.acl

Icacls.exe atmfd.dll / grant Administrators: (F)

Rename atmfd.dll x-atmfd.dll

Restart the system

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.