0patch releases Windows 7 and Server 2008 micropatch for font parsing vulnerabilities
Last Monday, we reported that Microsoft found attackers exploiting font parsing vulnerabilities in Windows. The vulnerabilities are the result of the Windows Adobe Type Manager Library improperly handling the Adobe Type 1 PostScript format. So long as these vulnerabilities are present in Windows, an attacker can run malware on a user's device simply by getting a malicious OTF file viewed on that device. There is currently no fix for the vulnerabilities, though Microsoft is working on one; a Microsoft spokesperson appears to have confirmed that the fix will not be available until the next Update Tuesday on April fourteenth. Microsoft has released a security advisory detailing three different mitigation measures that can be taken in the meantime.
Mitja Kolsek, CEO of Acros Security, explained in a 0patch blog post that these vulnerabilities are significantly more alarming for those running versions of Windows prior to Windows 10 version 1709 and their server counterparts. From Windows 10 version 1709 onward, Windows parses fonts in a sandboxed user-space process named fontdrvhost.exe. Any malicious OTF file viewed on these versions of Windows executes its malicious code inside an AppContainer sandbox, so an attacker needs an additional vulnerability to escape it. The situation is more dire for earlier versions of Windows, on which font parsing is performed in the kernel, giving the highest privileges to any code run by viewing a malicious OTF file.
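The kernel-versus-sandbox distinction above is the first thing to establish when triaging a fleet. The following PowerShell script is an added example, not code from the article or from 0patch: it reports whether a host parses Type 1 fonts in the kernel (pre-1709 Windows) or in the user-mode fontdrvhost.exe sandbox, and whether the Adobe Type Manager driver file is present. It assumes build 16299 is Windows 10 version 1709 and that the driver file is System32\atmfd.dll; it only reports and changes nothing.

```powershell
# Added triage script (not from the article or from 0patch). Read-only: it reports
# where this host parses Adobe Type 1 fonts and whether the ATM driver is present.
# Assumptions: Windows 10 version 1709 == build 16299; the kernel-mode Adobe Type
# Manager font driver lives at %SystemRoot%\System32\atmfd.dll.

$os      = Get-CimInstance -ClassName Win32_OperatingSystem
$version = [Version]$os.Version   # e.g. 6.1.7601 (Windows 7), 10.0.18363 (Windows 10)
$build   = [int]$os.BuildNumber

# Kernel-mode font parsing applies to anything older than Windows 10 1709.
$kernelFontParsing = ($version.Major -lt 10) -or ($build -lt 16299)

# On 1709+ the sandboxed user-mode font host should be running.
$fontHost = Get-Process -Name fontdrvhost -ErrorAction SilentlyContinue

# If atmfd.dll is absent (e.g. renamed as a mitigation), Type 1 parsing cannot occur.
$atmfdPath    = Join-Path $env:SystemRoot 'System32\atmfd.dll'
$atmfdPresent = Test-Path -Path $atmfdPath

if ($kernelFontParsing -and $atmfdPresent) {
    $assessment = 'Kernel-mode Type 1 font parsing: highest exposure; apply Microsoft mitigations or the 0patch micropatch'
} elseif ($kernelFontParsing) {
    $assessment = 'Pre-1709 Windows, but atmfd.dll not found: Type 1 parsing appears disabled'
} else {
    $assessment = 'Font parsing in user-mode fontdrvhost.exe sandbox: reduced exposure; await the official fix'
}

[PSCustomObject]@{
    OSCaption          = $os.Caption
    Build              = $build
    KernelFontParsing  = $kernelFontParsing
    FontDrvHostRunning = [bool]$fontHost
    AtmfdDllPresent    = $atmfdPresent
    Assessment         = $assessment
}
```

Run it under an account that can query CIM and process lists; the output object can be collected per host and aggregated to find the machines that most need the mitigations or micropatch.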
Those still running these older versions of Windows should give serious consideration to applying the mitigation measures detailed by Microsoft while we wait for a fix to roll out on Update Tuesday. However, 0patch has already released a micropatch for the vulnerabilities. 0patch provides security patches for Windows 7 and Windows Server 2008, which are no longer officially supported by Microsoft. Those still running these versions of Windows without Extended Security Updates (ESU) are on their own security-wise, as far as Microsoft is concerned, and 0patch has moved in to fill that security update void. The folks at 0patch haven't actually fixed the font parsing vulnerabilities themselves with the micropatch; instead, the micropatch stops Windows from parsing Adobe Type 1 PostScript fonts at all. You can see the micropatch in action in the video below.
The micropatch is currently available for Windows 7 64-bit and Windows Server 2008 R2 without ESU. 0patch intends to extend the micropatch to cover these versions of Windows with ESU, as well as Windows 8.1 and Windows Server 2012, both 32-bit and 64-bit. Since the vulnerabilities do not pose as severe a risk to Windows 10, and an official fix is on the way, Kolsek says in the blog post that 0patch does not intend to release a version of the micropatch for Windows 10.