CVE-2020-1020 — Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
2021-11-03 • CISA Known Exploited Vulnerability
[event] Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| CWE | CWE-787 |
| CVE ID | CVE-2020-1020 |
| Date Added | 2021-11-03 |
| Due Date | 2022-05-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-05-03