Background
Microsoft has announced the release of several security patches to address vulnerabilities affecting its Operating System and other products. Five of these vulnerabilities, rated critical and affecting the Windows Graphics Component (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016), could allow an attacker to compromise a user's computer by tricking the user into visiting a malicious website. These vulnerabilities exist due to improper handling of specially crafted embedded fonts by the Windows font library. Attackers could take advantage of these vulnerabilities, which require no special privileges or user interaction, to gain full control of the system, including creating new user accounts or even achieving Remote Code Execution (RCE).
An attacker can exploit these issues by tricking an unsuspecting user into opening a specially crafted malicious file sent through email, or into visiting a website containing the malicious font by clicking on a link in an email or an instant message. These files or links, if opened by the user, would execute arbitrary code on the user's system and hand over control of the affected system to the attacker.
Affected Systems
All currently supported versions of Windows, including:
- Windows 7, 8.1, RT 8.1, 10
- Windows Server 2008, 2012, 2016
Impact
An attacker who has successfully exploited the vulnerability could take complete control of the affected system. The attacker could then install programmes; view, modify, or delete data; or create accounts with full user rights. Users with administrative accounts could be heavily impacted.
Recommendations
Users are advised to install security updates as soon as possible by downloading the updates from here or by following the steps below:
Start Menu: Settings --> Update & security --> Windows Update --> Check for updates.
In addition, users are advised to follow the recommendations below:
- Run non-administrative software as an unprivileged user with minimal access rights.
- Be cautious of links to sites that are provided by unfamiliar or suspicious sources, and do not click on them.
References
- https://thehackernews.com/2018/04/windows-patch-updates.html?m=1
- https://www.thezdi.com/blog/2018/4/10/the-april-2018-security-update-review
- https://www.symantec.com/security-center/vulnerabilities/writeup/103594