CVE-2020-1355

CVE-2020-1355

EPSS 4.0%

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.

Productos afectados

Microsoft · Windows 10 Version 1903 for 32-bit Systems Microsoft · Windows 10 Version 1903 for ARM64-based Systems Microsoft · Windows 10 Version 1903 for x64-based Systems Microsoft · Windows 10 Version 1909 for 32-bit Systems Microsoft · Windows 10 Version 1909 for ARM64-based Systems Microsoft · Windows 10 Version 1909 for x64-based Systems Microsoft · Windows 10 Version 2004 for 32-bit Systems Microsoft · Windows 10 Version 2004 for ARM64-based Systems Microsoft · Windows 10 Version 2004 for x64-based Systems Microsoft · Windows Server, version 1903 (Server Core installation)Microsoft · Windows Server, version 1909 (Server Core installation)Microsoft · Windows Server, version 2004 (Server Core installation)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1355 https://www.zerodayinitiative.com/advisories/ZDI-20-875/