The team at ACROS Security has released a micropatch for Windows 7 SP1 (without ESU) for the 0-day vulnerability in the Adobe Type Manager Library that ships with all versions of Windows.
The 0-day vulnerability in the Adobe Type Manager Library
On March 23, 2020, Microsoft publicly disclosed a 0-day vulnerability in the Adobe Type Manager Library that affects all still-supported versions of Windows. In advisory ADV200006, Microsoft writes that there are two remote code execution vulnerabilities in Microsoft Windows because the Windows Adobe Type Manager Library does not correctly handle a specially crafted multi-master font in the Adobe Type 1 PostScript format.
An attacker could exploit the vulnerability, for example, by tricking a user into opening a specially crafted document or viewing it in the Windows Preview Pane. Microsoft is working on a fix for this vulnerability and has published some workarounds (mitigations) in ADV200006. I had reported on this in detail in the blog post 0-day vulnerability in Windows Adobe Type Library.
0patch brings a fix for Windows 7 SP1
There are two problems with the security advisory ADV200006: there is currently no patch from Microsoft, and users of Windows 7 SP1 and Windows Server 2008 R2 without an ESU license will no longer receive the security updates that Microsoft releases.
Yesterday I had already noticed that ACROS Security was developing and testing a micropatch for the 0-day vulnerability. I had asked Mitja Kolsek from ACROS Security to keep me up to date on the process. I have just been informed privately that the micropatch has been released for Windows 7 SP1 and Windows Server 2008 R2. Meanwhile there is also an announcement on Twitter.
We have just issued our first micropatch for the yet-unpatched Type 1 Font Parsing Remote Code Execution Vulnerability that was found exploited in limited targeted attacks. https://t.co/T8xK8bTIvr pic.twitter.com/lTi7uXu5Ri
— 0patch (@0patch) March 26, 2020
Because of its importance for Windows 7 users, ACROS Security has decided to release the micropatch not only for its paid PRO plan, but for all users, including users of 0patch Free. So if you have installed the 0patch agent on Windows 7 SP1, the micropatch will protect you from this vulnerability. The micropatch is available to all 0patch users for Windows 7 64-bit as well as for Windows Server 2008 R2 via the 0patch PRO solution.
Our next step will be to port the micropatch to other affected Windows versions including Windows 7 and Windows Server 2008 R2 with ESU, Windows 8.1 and Windows Server 2012, both 32-bit and 64-bit.
— 0patch (@0patch) March 26, 2020
A port to further Windows versions is planned, according to the tweet above. ACROS Security has published this blog post with further information on the topic, and there is also a series of tweets with further details. Notes on how the 0patch agent works (it loads the micropatches into memory at runtime, while the affected application is running) can be found in the blog posts linked below.
Windows 7: Forcing February 2020 Security Updates – Part 1
Windows 7: Securing with the 0patch solution – Part 2
Windows 7/Server 2008/R2: 0patch delivers security patches after support ends
Project: Windows 7/Server 2008/R2 Life Extension & 0patch one month trial
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674
0patch: Fix for Windows Installer flaw CVE-2020-0683
0patch fix for Windows GDI+ vulnerability CVE-2020-0881
0-day vulnerability in Windows Adobe Type Library