Windows 10: 0Patch publishes micropatch to address Windows Font Parsing vulnerability

Discussion in 'Windows 10 News' started by GHacks, Mar 27, 2020.

  1. GHacks
    GHacks New Member

    0Patch publishes micropatch to address Windows Font Parsing vulnerability


    Microsoft published an advisory about a new font parsing vulnerability in Windows on March 23, 2020. The company rated the vulnerability as critical and said that it was aware of limited targeted attacks exploiting the vulnerability.

    Microsoft listed several workarounds to mitigate attacks but they all reduced functionality for users in one way or another.

    Microsoft has yet to release a security patch to address the issue for all versions of Windows affected by the vulnerability.

    Security company 0Patch is well-known for its pledge to create and distribute patches for the Windows 7 and Windows Server 2008 R2 operating systems that ran out of official support this year. While business and Enterprise customers may extend support by up to three years, home users cannot officially and 0Patch patches.

    Microsoft already announced that it won't provide the font parsing patch for unsupported versions of Windows 7 while it will provide it to companies and Enterprise organizations that have joined the ESU program to receive extended support updates.

    0Patch announced today that it has created a micro-patch for the font parsing vulnerability that affects all major client and server versions of the Windows operating system.

    A blog post on the official 0Patch blog lists the official information and analyzes the workarounds that Microsoft posted. While all work to a degree, all have disadvantages that 0Patch highlights. Disabling the preview pane, details pane and thumbnails in Windows Explorer for example only blocks attacks when the file manager is used but it won't protect against other attack vectors.


    The team analyzed the vulnerability -- it had to since Microsoft did not disclose details about it -- and found a solution that it turned into a micro patch.

    Basically, what 0Patch did was put a bouncer in front of font operations if Adobe Type 1 Script fonts are used so that the vulnerability cannot be exploited.


    So we decided to find the common execution point that various Windows applications such as Windows Explorer, Font Viewer, and applications using Windows-integrated font support are using to pass a font to Windows, then place a bouncer there that would keep Adobe Type 1 PostScript fonts out.

    The blog post goes into detail and users interested in additional details may check it out for additional information on the implementation.

    All administrators need to do is install the micro patch on the device to protect it against the vulnerability.


    With this micropatch in place, all applications using Windows GDI for font-related operations will find any Adobe Type 1 PostScript fonts rendered invalid and unable to load. For example, Windows Explorer will start looking like this when viewing a folder with a pair of otherwise valid PFM and PFB files.

    The patch is available for free for Windows 7 64-bit and Windows Server 2008 R2 without Extended Security Updates. 0Patch plans to create patches for ESU versions of Windows 7 and Windows Server 2008 R2, as well as Windows 8.1 and Windows Server 2012 soon as well.

    Windows 10 and Server won't receive the patch as these systems face less of a risk from the vulnerability than previous versions of Windows.



    Now You: Do you use 0Patch software to micro-patch vulnerabilities?

    Thank you for being a Ghacks reader. The post 0Patch publishes micropatch to address Windows Font Parsing vulnerability appeared first on gHacks Technology News.

    GHacks, Mar 27, 2020
    #1
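
An added illustration of the gatekeeping idea described in the post above, not part of the original post and not 0Patch's code: recognise Adobe Type 1 font files (PFB, PFA, PFM) by their headers so a defender can inventory them or refuse them before they reach a font loader. The header checks, function names and sample bytes are assumptions of this example; the post does not say how the micropatch identifies a font.

```python
import os
import struct

# Header strings that open an Adobe Type 1 font program.
PS_MARKERS = (b"%!PS-AdobeFont", b"%!FontType1")

def classify_font(data: bytes) -> str:
    """Return 'pfb', 'pfa', 'pfm' or 'other' from header bytes alone."""
    # PFB: 0x80, segment type 1 (ASCII), 4-byte little-endian length, text.
    if len(data) >= 6 and data[0] == 0x80 and data[1] == 0x01:
        seg_len = struct.unpack_from("<I", data, 2)[0]
        if data[6:6 + seg_len].startswith(PS_MARKERS):
            return "pfb"
    # PFA: the same font program stored as plain ASCII.
    if data[:64].lstrip().startswith(PS_MARKERS):
        return "pfa"
    # PFM: dfVersion 0x0100, then dfSize equal to the file length. TrueType
    # files also begin 00 01, so the size field is what tells them apart.
    if len(data) > 6 and data[:2] == b"\x00\x01":
        if struct.unpack_from("<I", data, 2)[0] == len(data):
            return "pfm"
    return "other"

def allow_font(data: bytes) -> bool:
    """Gate decision (hypothetical helper): refuse anything recognised as Type 1."""
    return classify_font(data) == "other"

def find_type1_fonts(root: str) -> list:
    """Walk a directory tree and list (path, kind) for Type 1 files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify_font(fh.read())
            except OSError:
                continue  # unreadable file: skip, do not abort the scan
            if kind != "other":
                hits.append((path, kind))
    return sorted(hits)

# Constructed sample inputs (not real fonts).
_HDR = b"%!PS-AdobeFont-1.0: Sample 001.000\n"
SAMPLE_PFB = b"\x80\x01" + struct.pack("<I", len(_HDR)) + _HDR
SAMPLE_PFA = b"\r\n" + _HDR
SAMPLE_PFM = b"\x00\x01" + struct.pack("<I", 117) + b"\x00" * 111
SAMPLE_TTF = b"\x00\x01\x00\x00\x00\x0c" + b"\x00" * 100
```

Classification here relies on file content rather than the extension, so a renamed Type 1 font is still reported.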
  2. hello10 Win User
    hello10, Mar 27, 2020
    #2
  3. Yukikaze Win User
    WPA2 Vulnerability Found

    A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

    Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
    The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: http://www.icasi.org/wi-fi-protected-access-wpa-vulnerabilities

     
    Yukikaze, Mar 27, 2020
    #3
  4. 0Patch publishes micropatch to address Windows Font Parsing vulnerability

    Fonts not working in Word, but working in Excel and Publisher

    I have a number of installed fonts that are working fine in Excel and Publisher, but are not working at all in Word. The fonts are listed, but when I select them, it displays and prints a generic font instead of the font that is selected.
     
    PortableMold58, Mar 27, 2020
    #4