TTCSIRT-301.032520: TT-CSIRT ADVISORY- MICROSOFT RCE VULNERABILITIES AFFECTING WINDOWS, WINDOWS SERVER
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild.
The Trinidad and Tobago Cyber Security Incident Response Team (CSIRT) encourages users and administrators to review and apply the necessary mitigations until patches are available.
Kindly review the following links for a more detailed breakdown of the Vulnerabilities and relevant workarounds:
- Microsoft Advisory ADV200006: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
- CERT Coordination Center
(CERT/CC) Vulnerability Note VU#354840: https://kb.cert.org/vuls/id/354840/