Microsoft Patch Tuesday kills 63 vulnerabilities

Posted on Wednesday, April 11 2018 @ 9:36 CEST by Thomas De Maesschalck
This month's dose of Patch Tuesday smashed a total of 63 vulnerabilities in Microsoft software. There are critical updates for Windows, Edge, IE, and Office, as well as a fix for a zero-day flaw in SharePoint.

The Register notes one of the more serious sets of bugs involves a remote code execution vulnerability in the graphics component of Windows and Windows Server. This bug can be triggered via a specially-crafted font, in some cases merely by putting said font on a website viewed by the target computer:
Among the more serious bugs are a set of five remote code execution vulnerabilities in the graphics component of Windows and Windows Server (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016). Each of those vulnerabilities would allow an attacker to pwn PCs via a specially-crafted font, in some cases by simply putting the font on a web page viewed by the target.

"Those of us who lived through Duqu always shudder a bit when we see font-related bugs, and these have me downright shivering," writes Dustin Childs of the Zero Day Initiative.

"Since there are many ways to view fonts – web browsing, documents, attachments – it’s a broad attack surface and attractive to attackers."
As always, it's recommended to update your system ASAP to stay safe.

