{"id":14192,"date":"2020-04-23T00:26:37","date_gmt":"2020-04-22T22:26:37","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14192"},"modified":"2021-07-05T18:37:25","modified_gmt":"2021-07-05T16:37:25","slug":"0patch-fixt-cve-2020-0687-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/23\/0patch-fixt-cve-2020-0687-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2"},"content":{"rendered":"

\"win7\" [German<\/a>]ACROS Security has released a micropatch for the memory corruption vulnerability CVE-2020-0687 in TTF fonts for Windows 7 and Server 2008 R2 (without ESU).<\/p>\n

<\/p>\n

The TTF vulnerability CVE-2020-0687<\/h2>\n

\"\"CVE-2020-0687 is a vulnerability that allows remote code execution (RCE) via specially crafted Windows True Type Fonts (TTF). The whole thing is known as \"Microsoft Graphics Remote Code Execution Vulnerability\" since April 14, 2020.<\/p>\n

Microsoft describes the vulnerability in this document<\/a> and has released security updates for Windows 7 to Windows 10 on April 14, 2020. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates released by Microsoft.<\/p>\n

0patch-Fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n

ACROS Security has developed a micropatch for the vulnerability CVE-2020-0687. Mitja Kolsek of ACROS Security has informed me privately that the micropatch has been released for Windows 7 SP1 and Windows Server 2008 R2. There is now also a message on Twitter.<\/p>\n

\n

Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-0687, a memory corruption issue in TTF font parsing that could lead to remote code execution when visiting a web site or opening a malicious document. pic.twitter.com\/VddTKZ5DmS<\/a><\/p>\n

\u2014 0patch (@0patch) April 22, 2020<\/a><\/p><\/blockquote>\n