CYBER NEWS

ADV200006: Microsoft Windows Can Be Hacked Via Crafted Fonts

Microsoft Windows has been the target of computer criminals following the discovery of a bug in the system which allows specially crafted documents to be used to deliver malware to victim systems. The issue is tracked in the ADV200006 security advisory and affects both desktop and server editions of the operating system suite.




The ADV200006 Advisory Reveals How Microsoft Windows Computers Can Be Hacked By Crafted Documents

A dangerous vulnerability makes it possible to intrude onto Microsoft Windows computers using documents. The weakness was found in the way fonts are managed by the operating system. Since the initial discovery of the problem in April this year the company has produced fixes for all modern versions of Microsoft Windows. The advisory that covers the issue is called ADV200006: Type 1 Font Parsing Remote Code Execution Vulnerability. The issue is contained in a library called Windows Adobe Type Manager, which the operating system uses to handle PostScript Type 1 fonts. These fonts are used by office programs and graphics editing software to display a certain type of font and to show them in preview panels and other auxiliary software.


When exploited through the affected programs, the vulnerability allows attackers to achieve remote code execution, leading to infection with viruses, file corruption and other dangerous activity. The criminals need to create special fonts that are crafted to trigger the bug. There are several ways through which this can be done: users can be sent phishing messages that include documents containing the hacker-made fonts, or files containing the devised fonts can be sent out and then viewed using the Windows Preview pane.
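As an added example (not from the original article or from Microsoft), the following triage check tells whether an inbound file is a PostScript Type 1 font in PFA or PFB form and whether its PFB segment records are self-consistent. The function names and the sample bytes are assumptions constructed for illustration; the check identifies the file format only and does not detect the ADV200006 bug itself.

```python
import struct

# Signatures that open the cleartext header of a PostScript Type 1 font.
TYPE1_MAGICS = (b"%!PS-AdobeFont", b"%!FontType1")

def pfb_segments(data):
    """Walk PFB records (0x80, type byte, 4-byte little-endian length).

    Returns [(type, payload), ...]; raises ValueError on a malformed record
    or one that claims more bytes than the file holds.
    """
    segments, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2 or data[pos] != 0x80:
            raise ValueError(f"bad segment marker at offset {pos}")
        seg_type = data[pos + 1]
        if seg_type == 3:                      # EOF record carries no length
            segments.append((3, b""))
            return segments
        if seg_type not in (1, 2) or len(data) - pos < 6:
            raise ValueError(f"bad segment header at offset {pos}")
        (length,) = struct.unpack_from("<I", data, pos + 2)
        start = pos + 6
        if length > len(data) - start:
            raise ValueError(f"segment at offset {pos} overruns the file")
        segments.append((seg_type, data[start:start + length]))
        pos = start + length
    raise ValueError("missing EOF segment")

def classify(data):
    """Return 'pfa', 'pfb', 'pfb-malformed' or 'not-type1' for a byte string."""
    if data.startswith(TYPE1_MAGICS):
        return "pfa"                           # ASCII form, no segment framing
    if data[:2] == b"\x80\x01":                # PFB opens with an ASCII segment
        try:
            segs = pfb_segments(data)
        except ValueError:
            return "pfb-malformed"
        return "pfb" if segs[0][1].startswith(TYPE1_MAGICS) else "pfb-malformed"
    return "not-type1"

def _seg(kind, payload):
    """Build one PFB record for the constructed samples below."""
    return b"\x80" + bytes([kind]) + struct.pack("<I", len(payload)) + payload

# Constructed samples (not real fonts): a well-formed PFB and a truncated copy.
GOOD = _seg(1, b"%!PS-AdobeFont-1.0: Demo 001.000\n") + _seg(2, b"\x00" * 8) + b"\x80\x03"
TRUNCATED = GOOD[:20]
```

A mail or file gateway could use such a check to quarantine or log Type 1 font attachments for review until the updates are installed.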

Microsoft has released updates for this advisory as part of a subsequent advisory release tracked as CVE-2020-1020. We advise all Microsoft Windows users to apply all the latest security updates in order to stay safe. As the bug was rated as dangerous, the company provided temporary mitigation until the fix was released.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
