Microsoft has released April Patch Tuesday security updates that address 66 vulnerabilities, five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.
Hackers can compromise your computer just visiting a malicious website or clicking a malicious link.
Microsoft has released April Patch Tuesday that addresses 66 vulnerabilities, 24 of which are rated critical and five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.
Microsoft April Patch Tuesday includes the fix for five critical remote code execution vulnerabilities in Windows Graphics Component (CVE-2018-1010, -1012, -1013, -1015, -1016) that are related to improper handling of embedded fonts by the Font Library.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,” reads the advisory for the CVE-2018-1013.
“An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine.”
The flaws were discovered by Hossein Lotfi, a security researcher at Flexera Software. and affect all versions of Windows OS to date.
Microsoft also addressed a denial of service vulnerability in Windows Microsoft Graphics that could be exploited by an attacker to cause a targeted system to stop responding. This vulnerability tied the way Windows handles objects in memory.
Microsoft April Patch Tuesday also addressed a critical RCE vulnerability, tracked as CVE-2018-1004, that resides in the Windows VBScript Engine and affects all versions of Windows.
“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” read the security advisory published by Microsoft.
Microsoft security updates also address a total of six vulnerabilities in Adobe Flash Player, three of which were rated critical.
Users need to apply security updates as soon as possible to protect their systems.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.