VARSEL (TLP:CLEAR)

[NCSC-varsel] Kritisk sårbarhet i Windows Adobe Type Manager

24-03-2020

NCSC ønsker å informere om sårbarheter som finnes i Windows Adobe Type Manager Library [1]. To av disse sårbarhetene åpner for fjernkjøring av vilkårlig kode når Adobe Type manager library feilhåndterer en spesielt utformet multi-master font - Adobe Type 1 PostScript format.

 

Berørte versjoner av Windows:

 

* Windows 10 for 32-bit Systems

* Windows 10 for x64-based Systems

* Windows 10 Version 1607 for 32-bit Systems

* Windows 10 Version 1607 for x64-based Systems

* Windows 10 Version 1709 for 32-bit Systems

* Windows 10 Version 1709 for ARM64-based Systems

* Windows 10 Version 1709 for x64-based Systems

* Windows 10 Version 1803 for 32-bit Systems

* Windows 10 Version 1803 for ARM64-based Systems

* Windows 10 Version 1803 for x64-based Systems

* Windows 10 Version 1809 for 32-bit Systems

* Windows 10 Version 1809 for ARM64-based Systems

* Windows 10 Version 1809 for x64-based Systems

* Windows 10 Version 1903 for 32-bit Systems

* Windows 10 Version 1903 for ARM64-based Systems

* Windows 10 Version 1903 for x64-based Systems

* Windows 10 Version 1909 for 32-bit Systems

* Windows 10 Version 1909 for ARM64-based Systems

* Windows 10 Version 1909 for x64-based Systems

* Windows 7 for 32-bit Systems Service Pack 1

* Windows 7 for x64-based Systems Service Pack 1

* Windows 8.1 for 32-bit systems

* Windows 8.1 for x64-based systems

* Windows RT 8.1

* Windows Server 2008 for 32-bit Systems Service Pack 2

* Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core

* Windows Server 2008 for Itanium-Based Systems Service Pack 2

* Windows Server 2008 for x64-based Systems Service Pack 2

* Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core

* Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1

* Windows Server 2008 R2 for x64-based Systems Service Pack 1

* Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core

installation)

* Windows Server 2012

* Windows Server 2012 (Server Core installation)

* Windows Server 2012 R2

* Windows Server 2012 R2 (Server Core installation)

* Windows Server 2016

* Windows Server 2016 (Server Core installation)

* Windows Server 2019

* Windows Server 2019 (Server Core installation)

* Windows Server, version 1803 (Server Core Installation)

* Windows Server, version 1903 (Server Core installation)

* Windows Server, version 1909 (Server Core installation)

 

Microsoft er kjent med disse sårbarhetene, men på nåværende tidspunkt finnes det ikke en sikkerhetsoppdatering for dem. Microsoft jobber kontinuerlig med en å utarbeide en sikkerhetsoppdatering. Utover dette har Microsoft kommet med en rekke mitigerende tiltak. Dette omfatter blant annet; å deaktivere Preview Pane og Details Pane i Windows Explorer, å deaktivere WebClient-tjenesten, eller å endre navn på ATMFD.DLL-filen. Mer om disse tiltakene kan leses på Microsofts sider [1].

 

Microsoft er kjent med noen tilfeller der dette er blitt utnyttet av angripere.

 

NCSC anbefaler virksomheter å sette seg inn i varselet fra Microsoft og vurdere muligheten for å gjennomføre mitigerende tiltak.

 

NCSC-pulsen forblir på nivå 2 da det eksisterer en workaround.

 

 

Referanser:

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006