Vulnerabilities Discovered in Microsoft Windows

A cybersecurity alert was issued yesterday, March 23, 2020, regarding multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow an attacker to execute code remotely, which could potentially lead to a breach.

What It Is:
Multiple vulnerabilities have been discovered in the Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute code remotely on the affected system. Adobe Type Manager Library is a font management library that handles various font files such as OpenType, PostScript, and TrueType.

Depending on the privileges associated with the affected user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read the original bulletins from Microsoft and Ars Technica:

ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
Windows code-execution zeroday is under active exploit, Microsoft warns

Threat Intelligence:
According to Microsoft, there are currently limited targeted attacks against Adobe Type Manager Library.

Systems Affected:

• Windows 7, 8.1, RT 8.1, 10
• Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 (Server Core installation)

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: High

What It Means:
If you and/or your business utilize the Microsoft Windows versions mentioned above, you will need to apply the interim mitigation provided by Microsoft following proper testing. When available, update Windows to the latest version following proper testing.

Technical Summary:
Multiple vulnerabilities have been discovered in the Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute code remotely on the affected system. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted font file or to view it in the Windows Preview pane.

What To Do:
We recommend the following actions be taken:

• Apply the interim mitigation provided by Microsoft after appropriate testing. When available, update Windows to the latest version after appropriate testing.
• Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Apply the Principle of Least Privilege to all systems and services.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Microsoft Windows, including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.