CERT-EN Alert : Multiple vulnerabilities in Microsoft Windows

CERT-FR issues alert for multiple vulnerabilities in Microsoft Windows that allow arbitrary code to run remotely.

Microsoft said on Monday that it was aware of an uncorrected vulnerability in the Windows Adobe Type Manager library which is actively exploited by hackers. As part of a new safety advisory, Microsoft warns that there are two faults for running code remotely (Bl) Classified Reviews in the library that can be exploited in a number of ways.

The Adobe Type Manager Library used in Microsoft Windows manages fonts for the postscript format. It is loaded when reading a file. The reading of a file can be requested explicitly by the user (opening an attachment) as implicitly performed by an automatic rendering engine (preview of miniatures).

Le CERT-FR recommends applying the circumventions proposed by the publisher in its security bulletin, i.e.. See the safety bulletin Microsoft Windows ADV200006 of the 23 March 2020

Zero-day vulnerability

In the field of computer security, a Zero-day vulnerability (in french : Zero-day) is a computer vulnerability was the subject of any publication or having no known fix. The existence of a such flaw on a product mean that no protection exists, whether palliative or final. Zero-day terminology does not qualify the seriousness of the fault : as any vulnerability, its severity depends on the importance of the damage that can be caused, and the existence of a feat, that is a technique exploiting this loophole in order to drive unwanted actions on the product concerned. (Sources)