MS-ISAC ADVISORY NUMBER:
2020-041
DATE(S) ISSUED:
03/23/2020
OVERVIEW:
Multiple vulnerabilities have been discovered in Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system. Adobe Type Manager Library is font management library which handles various font files such as OpenType, PostScript and TrueType. Depending on the privileges associated with the affected user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Successful exploitation of these vulnerabilities could allow the attacker to execute remote code on the affected system.
THREAT INTELLIGENCE:
As per Microsoft, there are currently limited targeted attacks against Adobe Type Manager Library.
SYSTEMS AFFECTED:
RISK:
Government:
Businesses:
Home Users:
HIGH
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Microsoft Windows Adobe Type Manager Library, the most severe of which could allow an attacker to execute remote code on the affected system. An attacker could exploit this vulnerability by convincing a user to open specially crafted font file or viewing it in the Windows Preview pane. Successful exploitation of these vulnerabilities could allow the attacker to execute remote code on the affected system. Depending on the privileges associated with the affected user, an attacker could ..
Support the originator by clicking the read the rest link below.