微软4月安全更新补丁和高危裂缝风险教导: 伊伊系列
【裂缝公告】
2020年4月14日,微软官方发布了4月安全更新公告,包含了微软眷属多个软件的安全更新补丁,同期更新发布了3月22日临时安全公告的Windows Adobe PostScript字体(Type 1)理会时存在的而已代码推行裂缝补丁,该裂缝对应CVE编号CVE-2020-1020、CVE-2020-0938,关系麇集参考:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1020
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0938
3月23日公告:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/adv200006
把柄公告,微软还是获悉诓骗这一0day裂缝的有针对性报复(有高价值的方针),基于裂缝的严重性,这次对还是停服的Windows 7也提供了补丁、提倡尽快装置安全更新补丁或取舍临时缓解按次加固系统。
【影响限度】
字体理会裂缝影响和微软还是提供补丁的的系统列表(包括停服的Windows 7):
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1903 for 32-bit Systems
Windows 10 Version 1903 for ARM64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 Version 1909 for 32-bit Systems
Windows 10 Version 1909 for ARM64-based Systems
Windows 10 Version 1909 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1伊伊系列
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server, version 1803 (Server Core Installation)
Windows Server, version 1903 (Server Core installation)
Windows Server, version 1909 (Server Core installation)
Windows 7补丁下载:
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4550965
【裂缝描绘】
把柄分析,Windows系统自带的Windows Adobe Type Manager库在理会PostScript字体(Type 1)时存在缓冲区溢露马脚,坏心报复者可通过多种形式诓骗此裂缝,包括诱使用户灵通含有报复代码的文档或在Windows预览窗格中稽查缩略图等形式,在一些报复终局用户场景中不错无感知诓骗,提倡尽快装置安全更新补丁或取舍临时缓解按次加固系统。
4月安全公告列表,包含的其他裂缝(非沿途)快速阅读辅导:
https://portal.msrc.microsoft.com/zh-cn/security-guidance/releasenotedetail/2020-Apr
CVE-2020-0760 | Microsoft Office 而已推行代码裂缝
CVE-2020-0835 | Windows Defender 反坏心软件平台硬麇集权限普及裂缝
CVE-2020-0906 | Microsoft Excel 而已推行代码裂缝
CVE-2020-0920 | Microsoft SharePoint 而已推行代码裂缝
CVE-2020-0929 | Microsoft SharePoint 而已推行代码裂缝
CVE-2020-0931 | Microsoft SharePoint而已推行代码裂缝
CVE-2020-0932 | Microsoft SharePoint而已推行代码裂缝
CVE-2020-0935 | Windows的OneDrive特权普及裂缝
三级片在线CVE-2020-0961 | Microsoft Office Access联接引擎而已推行代码裂缝
CVE-2020-0971 | Microsoft SharePoint而已推行代码裂缝
CVE-2020-0974 | Microsoft SharePoint而已推行代码裂缝
CVE-2020-0979 | Microsoft Excel而已推行代码裂缝
CVE-2020-0980 | Microsoft Word而已推行代码裂缝
CVE-2020-0991 | Microsoft Office而已推行代码裂缝
CVE-2020-1002 | Microsoft Defender特权普及裂缝。
【缓解按次】
高危:微软还是获悉诓骗这一0day裂缝的有针对性报复(有高价值的方针),当今裂缝细节和诓骗代码还是公开,提倡实时测试安全更新补丁并应用装置,或取舍临时缓解按次加固系统。
临时缓解按次(不通俗打补丁的情况下探究的有限按次):
1.禁用资源惩处器预览和细节窗格形式
不错通过在Windows资源惩处器中禁用预览和详备信息窗格来退却在Windows资源惩处器中自动清爽OTF字体的形式缓解,固然这不错注意在Windows资源惩处器中稽查坏心文献,但并不行退却经由身份考据的腹地用户运转出奇联想的要领来诓骗此裂缝。
Windows Server 2008、Windows 7、Windows Server 2008 R2、Windows Server 2012、Windows Server 2012 R2和Windows 8.1系统中推行:
资源惩处器->组织->布局->细节窗格和预览窗格(取消打勾)
文献夹选项->高档诞生->长期清爽图标,从不清爽缩略图(勾选)
Windows Server 2016、Windows 10和Windows Server 2019系统中推行:
资源惩处器->组织->布局->详备信息窗格和预览窗格(取消打勾)
文献夹选项->高档诞生->长期清爽图标,从不清爽缩略图(勾选)
2.禁用WebClient工作
不错通过禁用WebClient工作退却通过Web散播式创作和版块惩处(WebDAV)客户端工作触发的而已报复前言,从而匡助保护受影响的系统免受此裂缝的危害。不外,得顺利用此裂缝的而已报复者仍有可能使系统推行位于方针用户筹算机或局域网(LAN)上的要领,然则在灵通来自Internet区域的任性要领之前,会教导用户给以证据。
运转->services.msc->WebClient(禁用)
3. 重定名文献ATMFD.DLL文献
不错通过重定名ATMFD.DLL文献退却字体理会调用,32位系统中该文献在%windir%\system32目次下,64位系统中该文献在%windir%\system32和%windir%\syswow64目次下。
32位系统在惩处员身份运转的号令教导符下推行:
cd %windir%\system32
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
得胜完成后,文献将被名命成x-atmfd.dll,为使改革奏效,需要重启系统。
64位系统在惩处员身份运转的号令教导符下推行:
cd %windir%\system32
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd %windir%\syswow64
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
得胜完成后,文献将被名命成x-atmfd.dll,为使改革奏效,需要重启系统。
要还原所作临时改革和版块救助讲解不错参考微软官方安全更新文档:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/adv200006
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1020
https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-0938
