Fixed vulnerability of Microsoft Graphics "Windows can hack the system by opening a specific site in the browser" on Windows Update

byangela n.

A regular security release was done on Windows Update on April 10, 2018. The vulnerability concerning font embedding in Microsoft Graphics is highly dangerous that an attacker can hack the system simply by accessing the website.

Security update of April 2018
https://portal.msrc.microsoft.com/ja-JP/security-guidance/releasenotedetail/abf77563-8612-e811-a966-000d3a33a34d


Warning: Your Windows PC Can Get Hacked by Just Visiting a Site
https://thehackernews.com/2018/04/windows-patch-updates.html

Microsoft Graphics vulnerabilityCVE-2018-1010·1012·1013·1015·1016Five points of. In either case, vulnerability is fixed by modifying the processing method of embedded fonts with "The remote fault code vulnerability exists when the Windows font library does not correctly handle embedded specially crafted embedded fonts". It has been solved.

The affected OS is Windows 10, 8.1, RT 8.1, 7, Server 2016, Server 2012, Server 2008.

Measures have also been taken on the remote code execution vulnerability that exists in the way the VBScript engine handles objects in memory.

CVE-2018-1004 | Windows VBScript Engine Remote Code Execution Vulnerability ‡
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-1004