CERTFR-2020-ALE-009
Vulnerability from certfr_alerte
[Mise à jour du 15 avril 2020]
Le 14 avril 2020, Microsoft a publié les correctifs de sécurité pour les vulnérabilités CVE-2020-1020 et CVE-2020-0938 à l'occasion de sa mise à jour mensuelle. Le CERT-FR recommande l’application des correctifs dans les plus brefs délais.
Microsoft a également mis à jour son avis ADV200006 pour donner les étapes à suivre pour annuler les effets des mesures de contournement (voir les paragraphes "How to undo the workaround.").
[Publication initiale]
La bibliothèque Adobe Type Manager Library utilisée dans Microsoft Windows assure la gestion des polices de caractère pour le format postscript. Celle-ci est chargée lors de la lecture d'un fichier. La lecture d'un fichier peut être demandée explicitement par l'utilisateur (ouverture d'une pièce jointe) comme implicitement réalisée par un moteur de rendu automatique (prévisualisation de miniatures).
Le 23 mars 2020, l'éditeur a émis un bulletin de sécurité indiquant que cette bibliothèque ne prenait pas correctement en charge le traitement des polices de caractère multi-maîtres. Les deux vulnérabilités associées sont en ce moment exploitées dans la cadre d'un nombre limité d'attaques ciblées. L'éditeur prévoit d'intégrer le correctif dans son cycle régulier de mise à jour.
Ces vulnérabilités peuvent être exploitées en demandant à un utilisateur d'ouvrir un fichier malveillant ou en affichant le document dans l'espace de prévisualisation de l'explorateur de fichier.
Il est à noter que le panneau de prévisualisation de Microsoft Outlook n'est pas impacté par cette vulnérabilité et que l'impact est limité pour les versions de Windows 10 supérieures ou égales à 1703 pour lesquelles la gestion des polices de caractère est gérée dans des conteneurs.
Solution
Se référer au bulletin de sécurité de l'éditeur (cf. section Documentation).
Contournement provisoire
[Mise à jour du 15 avril 2020]
Les correctifs de sécurité sont disponibles depuis le 14 avril 2020, le CERT-FR recommande donc de privilégier leur application par rapport aux mesure de contournement décrites ci-après.
[Publication initiale]
Le CERT-FR recommande d'appliquer les contournements proposés par l'éditeur dans son bulletin de sécurité à savoir :
- La désactivation du panneau de prévisualisation dans Windows Explorer
- La désactivation du service WebClient
- Le renommage ou la désactivation de la bibliothèque ATMFD.DLL
Les deux premières mesures permettent de limiter le chargement automatique de la bibliothèque, mais seul la dernière mesure permet de contourner la vulnérabilité.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows 10 Version 1809 for 32-bit Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 for x64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | ||
| Microsoft | Windows | Windows 10 Version 1709 for x64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1709 for ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1709 for 32-bit Systems | ||
| Microsoft | Windows | Windows 10 Version 1803 for x64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1903 for x64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1803 for ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1803 for 32-bit Systems | ||
| Microsoft | Windows | Windows 10 Version 1903 for ARM64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1903 for 32-bit Systems | ||
| Microsoft | Windows | Windows Server 2008 for Itanium-Based Systems Service Pack 2 | ||
| Microsoft | Windows | Windows 10 for x64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 8.1 for 32-bit systems | ||
| Microsoft | Windows | Windows 7 for 32-bit Systems Service Pack 1 | ||
| Microsoft | Windows | Windows RT 8.1 | ||
| Microsoft | Windows | Windows 8.1 for x64-based systems | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 for x64-based Systems Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 for x64-based Systems | ||
| Microsoft | Windows | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | Windows 10 Version 1607 for 32-bit Systems | ||
| Microsoft | Windows | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows 10 Version 1909 for 32-bit Systems | ||
| Microsoft | Windows | Windows 10 Version 1809 for ARM64-based Systems | ||
| Microsoft | Windows | Windows 7 for x64-based Systems Service Pack 1 | ||
| Microsoft | Windows | Windows Server 2008 for 32-bit Systems Service Pack 2 | ||
| Microsoft | Windows | Windows 10 for 32-bit Systems | ||
| Microsoft | Windows | Windows 10 Version 1809 for x64-based Systems | ||
| Microsoft | Windows | Windows 10 Version 1909 for ARM64-based Systems |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows 10 Version 1809 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 for ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1709 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 for ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1803 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 for ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1903 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 for Itanium-Based Systems Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 for 32-bit systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 for 32-bit Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows RT 8.1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 8.1 for x64-based systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 for x64-based Systems Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 for ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 7 for x64-based Systems Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 for 32-bit Systems Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 for 32-bit Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 for x64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1909 for ARM64-based Systems",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2020-06-23",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section\nDocumentation).\n\n## Contournement provisoire\n\n**\\[Mise \u00e0 jour du 15 avril 2020\\]**\n\nLes correctifs de s\u00e9curit\u00e9 sont disponibles depuis le 14 avril 2020, le\nCERT-FR recommande donc de privil\u00e9gier leur application par rapport aux\nmesure de contournement d\u00e9crites ci-apr\u00e8s.\n\n**\\[Publication initiale\\]**\n\nLe CERT-FR recommande d\u0027appliquer les contournements propos\u00e9s par\nl\u0027\u00e9diteur dans son bulletin de s\u00e9curit\u00e9 \u00e0 savoir :\n\n- La d\u00e9sactivation du panneau de pr\u00e9visualisation dans Windows\n Explorer\n- La d\u00e9sactivation du service WebClient\n- Le renommage ou la d\u00e9sactivation de la biblioth\u00e8que ATMFD.DLL\n\nLes deux premi\u00e8res mesures permettent de limiter le chargement\nautomatique de la biblioth\u00e8que, mais seul la derni\u00e8re mesure\u00a0 permet de\ncontourner la vuln\u00e9rabilit\u00e9.\n",
"cves": [
{
"name": "CVE-2020-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1020"
},
{
"name": "CVE-2020-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0938"
}
],
"initial_release_date": "2020-03-24T00:00:00",
"last_revision_date": "2020-06-23T00:00:00",
"links": [
{
"title": "Avis CERT-FR CERTFR-2020-AVI-224 du 15 avril 2020",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-224/"
}
],
"reference": "CERTFR-2020-ALE-009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-03-24T00:00:00.000000"
},
{
"description": "Disponibilit\u00e9 des correctifs et ajout des identifiants CVE",
"revision_date": "2020-04-15T00:00:00.000000"
},
{
"description": "Correction CVE-2020-1020 au lieu de CVE-2020-2010",
"revision_date": "2020-04-16T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. La cl\u00f4ture d\u0027une alerte ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2020-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 15 avril 2020\\]\u003c/strong\u003e\n\nLe 14 avril 2020, Microsoft a publi\u00e9 les correctifs de s\u00e9curit\u00e9 pour les\nvuln\u00e9rabilit\u00e9s CVE-2020-1020 et CVE-2020-0938 \u00e0 l\u0027occasion de sa mise \u00e0\njour mensuelle. Le CERT-FR recommande l\u2019application des correctifs dans\nles plus brefs d\u00e9lais.\n\nMicrosoft a \u00e9galement mis \u00e0 jour son\navis\u00a0[ADV200006](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006)\u00a0pour\ndonner les \u00e9tapes \u00e0 suivre pour annuler les effets des mesures de\ncontournement (voir les paragraphes \"\u003cstrong\u003eHow to undo the workaround.\u003c/strong\u003e\").\n\n\u003cstrong\u003e\\[Publication initiale\\]\u003c/strong\u003e\n\nLa biblioth\u00e8que *Adobe Type Manager Library* utilis\u00e9e dans *Microsoft\nWindows* assure la gestion des polices de caract\u00e8re pour le format\npostscript. Celle-ci est charg\u00e9e lors de la lecture d\u0027un fichier. La\nlecture d\u0027un fichier peut \u00eatre demand\u00e9e explicitement par l\u0027utilisateur\n(ouverture d\u0027une pi\u00e8ce jointe) comme implicitement r\u00e9alis\u00e9e par un\nmoteur de rendu automatique (pr\u00e9visualisation de miniatures).\n\nLe 23 mars 2020, l\u0027\u00e9diteur a \u00e9mis un bulletin de s\u00e9curit\u00e9 indiquant que\ncette biblioth\u00e8que ne prenait pas correctement en charge le traitement\ndes polices de caract\u00e8re multi-ma\u00eetres. Les deux vuln\u00e9rabilit\u00e9s\nassoci\u00e9es sont en ce moment exploit\u00e9es dans la cadre d\u0027un nombre limit\u00e9\nd\u0027attaques cibl\u00e9es. L\u0027\u00e9diteur pr\u00e9voit d\u0027int\u00e9grer le correctif dans son\ncycle r\u00e9gulier de mise \u00e0 jour.\n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es en demandant \u00e0 un utilisateur\nd\u0027ouvrir un fichier malveillant ou en affichant le document dans\nl\u0027espace de pr\u00e9visualisation de l\u0027explorateur de fichier.\n\nIl est \u00e0 noter que le panneau de pr\u00e9visualisation de *Microsoft Outlook*\nn\u0027est pas impact\u00e9 par cette vuln\u00e9rabilit\u00e9 et que l\u0027impact est limit\u00e9\npour les versions de *Windows* 10 sup\u00e9rieures ou \u00e9gales \u00e0 1703 pour\nlesquelles la gestion des polices de caract\u00e8re est g\u00e9r\u00e9e dans des\nconteneurs.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows ADV200006 du 23 mars 2020",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…