近日,微软官方发布了编号为ADV200006的安全通告,其中包含两个Adobe字体管理库相关的远程代码执行漏洞,微软官方的安全通告指出这两个漏洞已遭在野利用。Windows多个系统版本均受此漏洞影响。目前,微软官方暂未发布补丁修复该漏洞,但提供了临时解决措施缓解该漏洞带来的危害。
漏洞源于Adobe字体管理库(Adobe Type Manager Library)不正确地处理 Adobe Type 1 PostScript 字体格式而导致,通告表示有在野攻击行动使用了位于Adobe Type Manager Library中的两个远程代码执行漏洞。
成功利用此漏洞的攻击者可远程执行恶意代码。Windows多个系统版本均受此漏洞影响。具体影响版本如下:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
目前,微软官方暂未发布补丁修复该漏洞,但提供了临时解决措施缓解该漏洞带来的危害。微软在通告中提供了多种解决措施供用户选择,官方公告地址如下:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
来源:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
(来源:国家信息安全漏洞库)