Microsoft has released April Patch Tuesday security updates that address 66 vulnerabilities, five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.

Hackers can compromise your computer just visiting a malicious website or clicking a malicious link.

Microsoft has released April Patch Tuesday that addresses 66 vulnerabilities, 24 of which are rated critical and five of them could be exploited by an attacker to compromise a PC by just tricking the victims into visiting a website or opening a specifically crafted file.

Microsoft April Patch Tuesday includes the fix for five critical remote code execution vulnerabilities in Windows Graphics Component (CVE-2018-1010, -1012, -1013, -1015, -1016) that are related to improper handling of embedded fonts by the Font Library.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,” reads the advisory for the CVE-2018-1013.

“An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine.”

The flaws were discovered by Hossein Lotfi, a security researcher at Flexera Software. and affect all versions of Windows OS to date.

Microsoft also addressed a denial of service vulnerability in Windows Microsoft Graphics that could be exploited by an attacker to cause a targeted system to stop responding. This vulnerability tied the way Windows handles objects in memory.

Microsoft April Patch Tuesday also addressed a critical RCE vulnerability, tracked as CVE-2018-1004, that resides in the Windows VBScript Engine and affects all versions of Windows.

“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” read the security advisory published by Microsoft.

Microsoft security updates also address a total of six vulnerabilities in Adobe Flash Player, three of which were rated critical.

Users need to apply security updates as soon as possible to protect their systems.

Pierluigi Paganini

(Security Affairs – Microsoft April Patch Tuesday, hacking)

Share this...

Linkedin Reddit Pinterest

Share On