ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability

Today, Microsoft issued an advisory titled ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability. According to the advisory, this vulnerability could leverage unpatched vulnerabilities in the Adobe Type Manager Library for remote code execution.

Specifics were not disclosed at this time. Noted in the advisory were two remote code execution vulnerabilities in Microsoft Windows and Windows Adobe Type Manager Library that improperly handles Adobe Type 1 PostScript format. According to Microsoft, the vulnerability can be exploited via the Windows Preview Pane.

Yes.

Medium. Although this out of band advisory essentially allows for remote code execution, it is deemed Medium risk as exploitation has been limited to targeted attacks. According to Microsoft, there have been no reports of widespread exploitation at the time of this publication.

No.

Windows 10, Windows 7, Windows 8.1, Windows RT, Windows Server 2008, Windows Server 2012, Windows Server 2016 and Windows Server 2019 are affected.

Microsoft has provided a long list of mitigation suggestions that is available on their ADV200006 advisory page. Please refer to the APPENDIX section for a link to the advisory.

IPS coverage for this issue was released in IPS definitions version 15.802:

MS.Win32k.Windows.GDI.Type.1.Font.Privilege.Escalation

AV coverage is not feasible for this issue.

FortiGuard Labs recommends that all AV and IPS definitions are kept up to date on a continual basis, and that organizations maintain a proactive patching routine when vendor updates are available. If it is deemed that patching is not feasible, it is recommended that a risk assessment is conducted to determine additional mitigation safeguards within an environment.