Mitigating Windows 0-day ADV200006 via GPO

[German]Small hint for administrators of large Windows environments in the Active Directory environment who need to plug the ADV200006 0-day vulnerability. Mitigation is possible using Group Policy.


The Windows 0-day vulnerability ADV200006

In all supported Windows versions, there are two unpatched vulnerabilities in the Adobe Type 1 Manager Library. Both vulnerabilities allow remote code execution because the Windows Adobe Type Manager Library does not correctly handle a specially crafted multi-master font, the Adobe Type 1 PostScript format. An attacker could exploit this vulnerability, for example, by tricking a user into opening a specially crafted document or viewing it in the Windows preview window.

The information is found in ADV200006, all Windows versions are affected, from Windows 7 SP1 to Windows 8.1 and Windows 10 – and of course all server counterparts. On systems running Windows 10, a successful attack can only occur in an AppContainer sandbox context, and thus only allows limited permissions and code execution capabilities. Hackers are now trying to exploit this vulnerability. Microsoft is aware of this vulnerability and is working on a fix, but has not yet released a patch. I expect to have it on the regular patchday, April 14, 2020.

Mitigate vulnerabilities via GPO

Microsoft provides workarounds for older operating systems such as Windows 7 SP1 and Windows 8.1 and their server counterparts to prevent the vulnerability from being exploited. Microsoft has published these workarounds in ADV200006. However, these approaches are not viable in larger corporate environments

Microsoft MVP Sylvain Cortes has written a blog post on how to use Group Policy to make it more difficult or impossible to exploit the vulnerabilities in question. This includes turning off the preview in Windows Explorer and disabling the WebClient – both measures also suggested by Microsoft in ADV200006. Details can be found in the corresponding blog post.


Similar articles:
0-day vulnerability in Windows Adobe Type Library
Microsoft has revised ADV200006 (Type 1 Font Parsing RCE)
0patch fixes 0-day Adobe Type Library bug in Windows 7


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

1 Response to Mitigating Windows 0-day ADV200006 via GPO

  1. Pingback: How to Mitigate the Windows Font Parsing Zero-Day Bug via GPO | Bleeping Computer

Leave a Reply

Your email address will not be published. Required fields are marked *