• Yet another font exploit

    Posted on March 23, 2020 at 14:29 CDT by Comment in the Forums

    You’d think that MS would’ve figured out a way to block all of the bad font takeover scenarios, but apparently not. Adobe Type Manager fonts just got hit again, this time with a Type 1 PostScript font.

    MS just released Security Advisory ADV200006: Type 1 Font Parsing Remote Code Execution Vulnerability

    Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

    There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

    Doesn’t look like something you should worry about – when MS says it’s seen “limited targeted attacks” that usually means normal people aren’t in the line of fire. Expect more about this next Patch Tuesday.

    There’s a manual workaround, but it’s pretty hairy.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.