Microsoft's April Patch Tuesday release patches 66 vulnerabilities, 24 of which are rated critical.
Microsoft April Patch Tuesday includes fixes for five critical vulnerabilities (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016) in the Windows Graphics Component, which an attacker can exploit to compromise a PC just by tricking a user into visiting a website.
The vulnerability is due to improper handling of embedded fonts by the Windows Font Library. The flaw was disclosed by Hossein Lotfi, a security researcher at Flexera Software, and it affects all versions of the Windows OS.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content.”
“An attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker’s website, or by opening an attachment sent through email.”
Microsoft also released a fix for a critical RCE vulnerability, CVE-2018-1004, which resides in the Windows VBScript Engine and affects all versions of the Windows OS.
“A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”
The security updates also include patches for multiple remote code execution vulnerabilities found in Microsoft Office and Excel.
Fixes were also released for 6 flaws in Adobe Flash Player, 3 of which were rated as critical.
Users are advised to apply the patches and update their systems immediately.