0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2

[German]ACROS Security has released a micropatch for the memory corruption vulnerability CVE-2020-0687 in TTF fonts for Windows 7 and Server 2008 R2 (without ESU).

The TTF vulnerability CVE-2020-0687

CVE-2020-0687 is a vulnerability that allows remote code execution (RCE) via specially crafted Windows True Type Fonts (TTF). The whole thing is known as "Microsoft Graphics Remote Code Execution Vulnerability" since April 14, 2020.

Microsoft describes the vulnerability in this document and has released security updates for Windows 7 to Windows 10 on April 14, 2020. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates released by Microsoft.

0patch-Fix for Windows 7 SP1/Server 2008 R2

ACROS Security has developed a micropatch for the vulnerability CVE-2020-0687. Mitja Kolsek of ACROS Security has informed me privately that the micropatch has been released for Windows 7 SP1 and Windows Server 2008 R2. There is now also a message on Twitter.

Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-0687, a memory corruption issue in TTF font parsing that could lead to remote code execution when visiting a web site or opening a malicious document. pic.twitter.com/VddTKZ5DmS

— 0patch (@0patch) April 22, 2020

In further follow-up tweets ACROS Security provides some more explanations about the vulnerability and the micropatch. This patch is available for subscribers of the Pro and Enterprise version. Hints on how the 0patch agent, which loads the micro patches into memory at runtime of an application, works can be found in the blog posts (e.g. here), which I have linked below.

0patch fixes CVE-2020-0687 in Windows 7/Server 2008 R2

The TTF vulnerability CVE-2020-0687

0patch-Fix for Windows 7 SP1/Server 2008 R2

Leave a Reply Cancel reply

Blogs

Links

Social networks

Awards

Sponsors

Recent Comments

Recent Comments

Meta