All versions of Windows are prone to critical unpatched remote code execution (RCE) vulnerabilities. Microsoft is currently working on a solution which should be deployed as part of next month’s Patch Tuesday.
For Windows 7 users, patches will be available only to those who have paid for ESU license. Until then, Windows users and administrators can apply a workaround to avoid any active exploits.
Where Do the RCE Vulnerabilities Originate from?
The issues come from the Windows Adobe Type Manager Library, and are related to the parsing of fonts.
According to the official Microsoft advisory, the company is “aware of limited targeted attacks that could leverage unpatched vulnerabilities in Adobe Type Manager Library.”
More specifically, two remote code execution flaws exist in Microsoft Windows, under the condition that the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.
The flaws can be exploited in various attack scenarios. A trivial scenario is convincing a user to open a specifically crafted document or viewing it in the Windows Preview pane.
As already mentioned, Microsoft is working on a solution, which should be released on Update Tuesday, the second Tuesday of each month. “This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers,” the advisory says.
The Workarounds
Unfortunately, despite being a temporary solution, the available workarounds could have side-effects. If applied, Windows will not be able to preview OTF fonts, and WebDAV requests will not be transmitted.
“Disabling the Preview and Details panes in Windows Explorer prevents the automatic display of OTF fonts in Windows Explorer. While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability,” Microsoft also notes.
To disable the Preview and Details panes in Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows 8.1, you can follow these steps:
1. Open Windows Explorer, click Organize, and then click Layout.
2. Clear both the Details pane and Preview pane menu options.
3. Click Organize, and then click Folder and search options.
4. Click the View tab.
5. Under Advanced settings, check the Always show icons, never thumbnails box.
6. Close all open instances of Windows Explorer for the change to take effect.
More information about the RCE vulnerabilities, affected versions of Windows and the corresponding possible workarounds, you can find in the Microsoft official advisory.
We recently wroted about a curious case with one particular “ghost” remote code execution vulnerability. Microsoft leaked information about CVE-2020-0796, a wormable pre-auth remote code execution flaw in the Server Message Block 3.0 (SMBv3) network communication protocol. The vulnerability should have been disclosed as part of March 2020 Patch Tuesday.
It is curious that Microsoft didn’t publish an advisory about CVE-2020-0796. What is known is that the vulnerability is stemming from an error that happens when the SMBv3 handles maliciously compressed data packets. The flaw could allow remote, unauthenticated attackers to execute arbitrary code within the context of the application. Read more about CVE-2020-0796.