阅读: 51

当地时间3月23日,微软发布ADV200006号通告,称其发现目前有在野攻击利用Adobe Type Manager Library中的2个0-day漏洞。

由于该Library在处理multi-master字体(Adobe Type 1 PostScript格式)时存在缺陷,攻击者可以精心构造一个恶意的文档并诱使用户使用Windows Preview pane预览,从而利用该漏洞来远程执行代码。

目前Microsoft已经在准备相关的补丁,预计于下个月的补丁日发出。同时建议用户现在可以采取相应的缓解措施来进行防护。

受影响版本:

  • Windows 10 for 32-bit Systems
  • Windows 10 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8.1 for 32-bit systems
  • Windows 8.1 for x64-based systems
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for Itanium-Based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

缓解建议:

上述漏洞的补丁预计将于下个月的微软补丁日放出,届时用户应尽快下载更新进行防护。

Microsoft目前也提供多种缓解措施:

  1. 禁用Preview Pane和Details Pane。
  2. 禁用WebClient service.
  3. 重命名ATMFD.DLL

以上措施的详细方法可参考微软官方通告:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200006