[NCSC-varsel] Kritisk sårbarhet i Windows Adobe Type Manager
NCSC ønsker å informere om sårbarheter som finnes i Windows Adobe Type Manager Library [1]. To av disse sårbarhetene åpner for fjernkjøring av vilkårlig kode når Adobe Type manager library feilhåndterer en spesielt utformet multi-master font - Adobe Type 1 PostScript format.
Berørte versjoner av Windows:
* Windows 10 for 32-bit Systems
* Windows 10 for x64-based Systems
* Windows 10 Version 1607 for 32-bit Systems
* Windows 10 Version 1607 for x64-based Systems
* Windows 10 Version 1709 for 32-bit Systems
* Windows 10 Version 1709 for ARM64-based Systems
* Windows 10 Version 1709 for x64-based Systems
* Windows 10 Version 1803 for 32-bit Systems
* Windows 10 Version 1803 for ARM64-based Systems
* Windows 10 Version 1803 for x64-based Systems
* Windows 10 Version 1809 for 32-bit Systems
* Windows 10 Version 1809 for ARM64-based Systems
* Windows 10 Version 1809 for x64-based Systems
* Windows 10 Version 1903 for 32-bit Systems
* Windows 10 Version 1903 for ARM64-based Systems
* Windows 10 Version 1903 for x64-based Systems
* Windows 10 Version 1909 for 32-bit Systems
* Windows 10 Version 1909 for ARM64-based Systems
* Windows 10 Version 1909 for x64-based Systems
* Windows 7 for 32-bit Systems Service Pack 1
* Windows 7 for x64-based Systems Service Pack 1
* Windows 8.1 for 32-bit systems
* Windows 8.1 for x64-based systems
* Windows RT 8.1
* Windows Server 2008 for 32-bit Systems Service Pack 2
* Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
* Windows Server 2008 for Itanium-Based Systems Service Pack 2
* Windows Server 2008 for x64-based Systems Service Pack 2
* Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
* Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
* Windows Server 2008 R2 for x64-based Systems Service Pack 1
* Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
* Windows Server 2012
* Windows Server 2012 (Server Core installation)
* Windows Server 2012 R2
* Windows Server 2012 R2 (Server Core installation)
* Windows Server 2016
* Windows Server 2016 (Server Core installation)
* Windows Server 2019
* Windows Server 2019 (Server Core installation)
* Windows Server, version 1803 (Server Core Installation)
* Windows Server, version 1903 (Server Core installation)
* Windows Server, version 1909 (Server Core installation)
Microsoft er kjent med disse sårbarhetene, men på nåværende tidspunkt finnes det ikke en sikkerhetsoppdatering for dem. Microsoft jobber kontinuerlig med en å utarbeide en sikkerhetsoppdatering. Utover dette har Microsoft kommet med en rekke mitigerende tiltak. Dette omfatter blant annet; å deaktivere Preview Pane og Details Pane i Windows Explorer, å deaktivere WebClient-tjenesten, eller å endre navn på ATMFD.DLL-filen. Mer om disse tiltakene kan leses på Microsofts sider [1].
Microsoft er kjent med noen tilfeller der dette er blitt utnyttet av angripere.
NCSC anbefaler virksomheter å sette seg inn i varselet fra Microsoft og vurdere muligheten for å gjennomføre mitigerende tiltak.
NCSC-pulsen forblir på nivå 2 da det eksisterer en workaround.
Referanser:
[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006