
Type 1 Font Parsing Remote Code Execution Vulnerability (0-day) Risk Advisory

March 24, 2020 Author: 瀚思科技 (HanSight)

Vulnerability Overview

On March 23, Microsoft published advisory ADV200006, stating that it had found in-the-wild attacks exploiting two 0-day vulnerabilities in the Adobe Type Manager Library. Both remote code execution vulnerabilities arise mainly because the Windows Adobe Type Manager Library does not correctly handle specially crafted multi-master fonts in the Adobe Type 1 PostScript format. The vulnerabilities are rated Critical, and Windows 7, which is no longer supported, is also affected. An attacker can carefully craft a malicious document and lure a user into previewing it in the Windows Preview pane, thereby exploiting the vulnerability to execute code remotely. Microsoft is currently preparing patches for the vulnerabilities, which are expected to be released on next month's Patch Tuesday; for now only mitigations are available.

Risk Level

No exploitation method or PoC has been published on the Internet so far; HanSight will continue to monitor the situation.

Affected Versions

Recommended Actions

For 32-bit systems:

1. At an administrative command prompt, enter the following commands:

cd "%windir%\system32"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

2. Restart the system.

For 64-bit systems:

1. At an administrative command prompt, enter the following commands:

cd "%windir%\system32"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

cd "%windir%\syswow64"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

2. Restart the system.

Disable the Preview Pane and Details Pane in Windows Explorer

Disabling the Preview and Details panes in Windows Explorer prevents OTF fonts from being displayed automatically in Windows Explorer. Although this prevents malicious files from being viewed in Windows Explorer, it does not prevent an authenticated local user from running a specially crafted program to exploit this vulnerability.

To disable these panes in Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 and Windows 8.1, perform the following steps:

1. Open Windows Explorer, click Organize, and then click Layout.

2. Clear both the Details pane and Preview pane menu options.

3. Click Organize, and then click Folder and search options.

4. Click the View tab.

5. Under Advanced settings, check the Always show icons, never thumbnails box.

6. Close all open instances of Windows Explorer for the change to take effect.

For Windows Server 2016, Windows 10 and Windows Server 2019, perform the following steps:

1. Open Windows Explorer and click the View tab.

2. Clear both the Details pane and Preview pane menu options.

3. Click Options, and then click Change folder and search options.

4. Click the View tab.

5. Under Advanced settings, check the Always show icons, never thumbnails box.

6. Close all open instances of Windows Explorer for the change to take effect.

Disable the WebClient Service

Disabling the WebClient service helps protect affected systems from this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After this workaround is applied, a remote attacker who successfully exploits this vulnerability can still cause the system to run programs located on the targeted user's computer or the local area network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

To disable the WebClient service, follow these steps:

1. Click Start, click Run (or press the Windows key and R on the keyboard), type Services.msc, and then click OK.

2. Right-click the WebClient service, and then select Properties.

3. Change the Startup type to Disabled. If the service is running, click Stop.

4. Click OK and exit the management application.
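To confirm on a given host that the atmfd.dll rename and the WebClient workaround above are actually in place, a read-only audit such as the following can be used. It is an added example, not part of the original advisory; the function names Get-AtmfdState and Get-WebClientState are hypothetical, and the file names are the ones used in the commands above.

```powershell
# Added example (not from the advisory): read-only audit of two workarounds
# described on this page. Run from 64-bit Windows PowerShell on 64-bit Windows;
# a 32-bit session is silently redirected from System32 to SysWOW64.

function Get-AtmfdState {
    param([string]$Directory)

    $original = Join-Path $Directory 'atmfd.dll'      # original file name
    $renamed  = Join-Path $Directory 'x-atmfd.dll'    # name used by the workaround
    $aclSave  = Join-Path $Directory 'atmfd.dll.acl'  # written by "icacls /save"

    # atmfd.dll wins over x-atmfd.dll: if both exist, the original is back in place.
    if (Test-Path -LiteralPath $original)    { $state = 'PRESENT (workaround not applied)' }
    elseif (Test-Path -LiteralPath $renamed) { $state = 'RENAMED (workaround applied)' }
    else                                     { $state = 'ABSENT (nothing to rename)' }

    New-Object PSObject -Property @{
        Directory = $Directory
        State     = $state
        AclBackup = (Test-Path -LiteralPath $aclSave)  # needed to restore the ACL later
    }
}

function Get-WebClientState {
    # Win32_Service exposes StartMode and State via WMI in Windows PowerShell.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) { return 'WebClient service not installed' }
    if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
        return 'WebClient disabled and stopped (workaround applied)'
    }
    return "WebClient StartMode=$($svc.StartMode), State=$($svc.State) (workaround not applied)"
}

# System32 always exists; SysWOW64 exists only on 64-bit Windows.
foreach ($name in 'System32', 'SysWOW64') {
    $dir = Join-Path $env:windir $name
    if (Test-Path -LiteralPath $dir) {
        Get-AtmfdState -Directory $dir | Format-List Directory, State, AclBackup
    }
}
Get-WebClientState
```

The script cannot tell whether the restart in step 2 has been performed after the rename, so a RENAMED result should be paired with a check of the host's last boot time.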

Reference Links

http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006