Remote Code Execution Vulnerability in DirectWrite API https://www.cert-in.org.in/

Severity Rating: High

Software Affected

· for 32-bit Systems SP1, x64-based Systems SP1

· Windows RT 8.1

· Windows 8.1 for 32-bit systems, x64-based Systems SP1

· Windows 10 for 32-bit Systems, x64-based Systems

· Windows 10 Version 1607 for 32-bit Systems, x64-based Systems

· Windows 10 Version 1709 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· Windows 10 Version 1803 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· Windows 10 Version 1809 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· Windows 10 Version 1909 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· Windows 10 Version 1903 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· Windows 10 Version 2004 for 32-bit Systems, x64-based Systems and ARM64-based Systems

· for 32-bit Systems SP2 (Server Core installation)

· Windows Server 2008 for x64-based Systems SP2 (Server Core installation)

· for x64-based Systems SP1 (Server Core installation)

· Windows Server 2008 for 32-bit Systems SP2, x64-based Systems SP2

· Windows Server 2008 R2 for x64-based Systems SP1

· Windows Server 2012

· Windows Server 2012 R2

· Windows Server 2012 (Server Core installation)

· Windows Server 2012 R2 (Server Core installation)

· Windows Server 2016

· Windows Server 2016 (Server Core installation)

· Windows Server 2019

· Windows Server 2019 (Server Core installation)

· Windows Server, version 1909 (Server Core installation)

· Windows Server, version 1903 (Server Core installation)

· Windows Server, version 2004 (Server Core installation)

· Microsoft Office 2016 for Mac

· Microsoft Office 2019 for Mac

Overview

A vulnerability has been reported in the Microsoft DirectWrite API which could allow a remote attacker to execute arbitrary code on a targeted system.

Description

This vulnerability exists in the DirectWrite API due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by convincing a user to open a specially crafted document or visit a crafted malicious webpage.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system which can lead to complete compromise of the system.

Solution

Apply appropriate patches as mentioned in Microsoft Security Guidance https://portal.msrc.microsoft.com/en-us/security-guidance

Vendor Information

Microsoft https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1409

References

CyberSecurityHelp https://www.cybersecurity-help.cz/vdb/SB2020071433

CVE Name

CVE-2020-1409

--

Thanks and Regards,

CERT-In

" Be clean! Be healthy! "

Note: Please do not reply to this e-mail.

For further queries contact CERT-In Information Desk.

Email: [email protected]
Phone: 1800-11-4949
FAX: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Finger Print: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
PGP Key information: http://www.cert-in.org.in/contact.htm

Postal address: Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, C.G.O. Complex, New Delhi-110 003
