Windows Font Parsing High-Risk Vulnerability Alert
Published: 2025-03-28 22:44
1. Vulnerability Bulletin
Microsoft recently published a security advisory for a remote code execution vulnerability in the parsing of PostScript (Type 1) fonts. The advisory number is ADV200006; reference link: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/adv200006
According to the advisory, Microsoft is aware of targeted attacks (against high-value targets) that exploit this 0-day vulnerability. Because of its severity, this advisory was released out of band rather than as part of the monthly security update. The vulnerability is a memory corruption flaw in the parsing of the PostScript (Type 1) fonts built into the system; exploiting it leads to remote code execution. A malicious attacker can exploit it in several ways, including tricking a user into opening a document that contains attack code or viewing a thumbnail in the Windows preview pane. Successful exploitation grants the attacker the target user's current privileges or system privileges. Install the security update as soon as it is available, or apply the temporary mitigations to harden the system.
2. Affected Scope
The PostScript (Type 1) font parsing vulnerability affects the following systems:
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
3. Vulnerability Description
According to analysis, the Windows Adobe Type Manager library built into Windows contains a memory corruption vulnerability when parsing PostScript (Type 1) fonts. A malicious attacker can exploit it in several ways, including tricking a user into opening a document that contains attack code or viewing a thumbnail in the Windows preview pane; in some end-user attack scenarios exploitation can occur without the user noticing. Install the security update as soon as it is available, or apply the temporary mitigations to harden the system.
4. Mitigations
High risk: Microsoft is aware of targeted attacks (against high-value targets) that exploit this 0-day vulnerability. Vulnerability details and exploit code are not yet public, but the trigger point could be located by comparing the patched and unpatched binaries and exploit code developed from that, so test the security update promptly and deploy it, or apply the temporary mitigations to harden the system.
Temporary mitigations (limited measures to consider when patching is not convenient):
1. Disable the Explorer preview and details panes
Disabling the preview and details panes in Windows Explorer stops Windows Explorer from automatically rendering OTF fonts and mitigates the issue. Although this prevents malicious files from being viewed in Windows Explorer, it does not prevent an authenticated local user from running a specially crafted program to exploit the vulnerability.
On Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 and Windows 8.1:
Explorer -> Organize -> Layout -> Details pane and Preview pane (uncheck)
Folder Options -> Advanced settings -> Always show icons, never thumbnails (check)
On Windows Server 2016, Windows 10 and Windows Server 2019:
Explorer -> Organize -> Layout -> Details pane and Preview pane (uncheck)
Folder Options -> Advanced settings -> Always show icons, never thumbnails (check)
2. Disable the WebClient service
Disabling the WebClient service blocks the remote attack vector that goes through the Web Distributed Authoring and Versioning (WebDAV) client service and helps protect affected systems from this vulnerability. However, a remote attacker who successfully exploits the vulnerability could still cause the system to run programs located on the target user's computer or on the local area network (LAN); the user will be prompted for confirmation before arbitrary programs from the Internet zone are opened.
Start -> services.msc -> WebClient (disable)
3. Rename the ATMFD.DLL file
Renaming ATMFD.DLL blocks the font parsing calls that go through it. On 32-bit systems the file is in "%windir%\system32"; on 64-bit systems it is in both "%windir%\system32" and "%windir%\syswow64".
On 32-bit systems, run the following at a command prompt opened as administrator:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
After successful completion the file is named x-atmfd.dll; restart the system for the change to take effect.
On 64-bit systems, run the following at a command prompt opened as administrator:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
After successful completion the file is named x-atmfd.dll; restart the system for the change to take effect.
To revert these temporary changes, and for notes on version support, refer to Microsoft's official documentation:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/adv200006
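The following PowerShell script is an added example, not part of the original advisory or of Microsoft's guidance. It audits, read-only, whether the three temporary mitigations above have been applied on the local machine: WebClient service disabled, thumbnails disabled in Explorer, and ATMFD.DLL renamed in every directory that applies to the OS architecture. It assumes it is run as an administrator and that the per-user registry value IconsOnly under Explorer\Advanced reflects the "Always show icons, never thumbnails" setting; the function names are the example's own.

```powershell
# Added example (not from the advisory): audit the ADV200006 temporary mitigations.
# Read-only: nothing on the system is changed.

function Test-WebClientDisabled {
    # Mitigation 2: the WebDAV client service must be stopped and set to Disabled.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($null -eq $svc) { return $true }   # service not installed: vector absent
    $startMode = (Get-CimInstance Win32_Service -Filter "Name='WebClient'").StartMode
    return ($svc.Status -ne 'Running' -and $startMode -eq 'Disabled')
}

function Test-ThumbnailsDisabled {
    # Mitigation 1 (partial check): "Always show icons, never thumbnails" for the
    # current user. Assumption: IconsOnly=1 under Explorer\Advanced carries that setting.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = Get-ItemProperty -Path $key -Name IconsOnly -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.IconsOnly -eq 1)
}

function Test-AtmfdRenamed {
    # Mitigation 3: atmfd.dll must be gone from system32, and on 64-bit systems
    # also from syswow64 (the advisory's edge case: two copies, both must be renamed).
    $dirs = @("$env:windir\system32")
    if ([Environment]::Is64BitOperatingSystem) { $dirs += "$env:windir\syswow64" }
    $report = @()
    foreach ($d in $dirs) {
        $orig    = Join-Path $d 'atmfd.dll'
        $renamed = Join-Path $d 'x-atmfd.dll'
        $aclSave = Join-Path $d 'atmfd.dll.acl'
        $report += [pscustomobject]@{
            Directory     = $d
            AtmfdPresent  = (Test-Path $orig)
            Renamed       = (Test-Path $renamed)
            AclBackup     = (Test-Path $aclSave)   # icacls /save output, needed to revert
            # Mitigated when the original name can no longer be loaded. A directory
            # that never shipped atmfd.dll shows AtmfdPresent=False, Renamed=False.
            Mitigated     = -not (Test-Path $orig)
        }
    }
    return $report
}

function Get-Adv200006MitigationReport {
    [pscustomobject]@{
        WebClientDisabled  = (Test-WebClientDisabled)
        ThumbnailsDisabled = (Test-ThumbnailsDisabled)
        AtmfdDirectories   = (Test-AtmfdRenamed)
    }
}

# Usage: run from an elevated PowerShell prompt.
$r = Get-Adv200006MitigationReport
"WebClient service disabled      : $($r.WebClientDisabled)"
"Thumbnails disabled (IconsOnly) : $($r.ThumbnailsDisabled)"
$r.AtmfdDirectories | Format-Table -AutoSize
```

The ACL backup column matters because the icacls /save step in the procedure above is what makes the rename reversible; a directory showing Renamed=True but AclBackup=False was renamed without preserving the original permissions and will need manual attention when the mitigation is rolled back after patching.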