{"id":13909,"date":"2020-04-01T00:14:22","date_gmt":"2020-03-31T22:14:22","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13909"},"modified":"2024-10-05T21:04:29","modified_gmt":"2024-10-05T19:04:29","slug":"mitigating-windows-0-day-adv200006-via-gpo","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/01\/mitigating-windows-0-day-adv200006-via-gpo\/","title":{"rendered":"Mitigating Windows 0-day ADV200006 via GPO"},"content":{"rendered":"

[German<\/a>]Small hint for administrators of large Windows environments in the Active Directory environment who need to plug the ADV200006 0-day vulnerability. Mitigation is possible using Group Policy. <\/p>\n

<\/p>\n

The Windows 0-day vulnerability ADV200006<\/h2>\n

\"\"In all supported Windows versions, there are two unpatched vulnerabilities in the Adobe Type 1 Manager Library. Both vulnerabilities allow remote code execution because the Windows Adobe Type Manager Library does not correctly handle a specially crafted multi-master font, the Adobe Type 1 PostScript format. An attacker could exploit this vulnerability, for example, by tricking a user into opening a specially crafted document or viewing it in the Windows preview window.<\/p>\n

The information is found in ADV200006<\/a>, all Windows versions are affected, from Windows 7 SP1 to Windows 8.1 and Windows 10 – and of course all server counterparts. On systems running Windows 10, a successful attack can only occur in an AppContainer sandbox context, and thus only allows limited permissions and code execution capabilities. Hackers are now trying to exploit this vulnerability. Microsoft is aware of this vulnerability and is working on a fix, but has not yet released a patch. I expect to have it on the regular patchday, April 14, 2020. <\/p>\n

Mitigate vulnerabilities via GPO<\/h2>\n

Microsoft provides workarounds for older operating systems such as Windows 7 SP1 and Windows 8.1 and their server counterparts to prevent the vulnerability from being exploited. Microsoft has published these workarounds in ADV200006<\/a>. However, these approaches are not viable in larger corporate environments<\/p>\n

\n

FYI, i created a blog post which describes how to mitigate this in a large AD environment using GPOs – here is post link: https:\/\/t.co\/BtVt3ejZvw<\/a> #ActiveDirectory<\/a> #GPO<\/a> #ADV200006<\/a> pic.twitter.com\/kUUVIlEW4m<\/a><\/p>\n

\u2014 Sylvain Cortes (@sylvaincortes) March 29, 2020<\/a><\/p><\/blockquote>\n