Windows Zero-Day Exploit: Type 1 Font Parsing Remote Code Execution Vulnerability

March 24, 2020

Summary

The Information Security Office (ISO) is aware of a new Windows zero-day exploit that has been reported by Microsoft[1] and in the press[2]. The vulnerability is currently unpatched; however, workarounds are available.

Impact

An attacker could exploit this vulnerability by tricking a user into opening a crafted document or viewing it in the Windows Preview pane. This attack would work against both servers and clients. Successful exploitation would allow remote code execution. The danger is particularly serious on Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. On Windows 10, Windows Server 2016 and Windows Server 2019, the danger is significantly reduced by security features already in place.

Vulnerable

Highly Vulnerable:

  • Windows 7
  • Windows 8.1
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Mildly Vulnerable:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

Recommendations

  • For Windows 8.1 and earlier, apply the workarounds listed in the Microsoft advisory[1].
  • For Windows Server 2008 to Windows Server 2012 R2, apply the workarounds from the Microsoft advisory[1] if users browse the Internet or read email from the server.
  • For Windows 10, as well as Windows Server 2016 and 2019, apply the patch from Microsoft when it becomes available.

References