近日�,�,�,234钱包安全应急响应中心监控到微软公司颁布了一份编号为ADV200006的垂危缝隙公告�,�,�,公告涉及Adobe Type Manager Library中的两个远程代码执行缝隙�,�,�,截止本通密告出(2020.3.25)微软官方尚未颁布有关安全更新�,�,�,建议受影响的用户实时关注并采取安全措施进行加固�,�,�,预防损失�。��!
公告编号
ADV200006
缝隙名称
微软Type 1字体解析远程代码执行缝隙
缝隙�:�:Φ燃
高危
缝隙描述
这两个远程代码执行缝隙的原因重要是Windows Adobe Type Manager Library 没有正确处置特殊机关的多重母版字体(Adobe Type1 PostScript体式)�,�,�,已终场服务的WIN7系统也受到影响�。��!9セ髡呖赏ü嘀殖【爸葱泄セ�,�,�,实现远程代码执行�,�,�,好比诱导受害者在Windows的预览中接见一个特殊机关的文档�。��!
影响版本
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
修复规划
微软在公告中提供了多种缓解步骤的选择�,�,�,用户能够自行选择(具体拜见官方链接�:�:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006)�。��!
1�、�、�、在Windows中禁用预览窗格和具体信息窗格(禁用后�,�,�,Windows资源治理器将不会自动显示OpenType字体)
2�、�、�、禁用WebClient服务(禁用后�,�,�,将阻止Web散布式创作和版本节制客户端服务)
3�、�、�、重定名ATMFD.DLL(Adobe Type Manager字体驱动法式的文件名)
32位操作系统缓解步骤�:�:
1.在治理号令提醒符处输入以下号令�:�:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
2.重新启动系统�。��!
64位操作系统缓解步骤�:�:
1.在治理号令提醒符处输入以下号令�:�:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
2.重新启动系统�。��!
参考链接
https://fortiguard.com/encyclopedia/ips/48773
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006
北京234钱包网络技术有限公司
2020/03/25