CVE-2020-1020

CISA description

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

Required action

Apply updates per vendor instructions.

Notes & references

• https://nvd.nist.gov/vuln/detail/CVE-2020-1020

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2020-1020
• CVE.org · CVE-2020-1020
• CISA KEV catalog (canonical)