AuthorTopic: Warning: Your Windows PC Can Get Hacked by Just Visiting a Site  (Read 436 times)

Offline Palloy2

  • Administrator
  • Sous Chef
  • *****
  • Posts: 6096
    • View Profile
    • Palloy's Blog
Microsoft Windows is still riddled with critical errors, going back to Win 7 FFS.
VB script embedded in Excel since at least 1997, and they are still not going to take it out.

https://thehackernews.com/2018/04/windows-patch-updates.html
Warning: Your Windows PC Can Get Hacked by Just Visiting a Site
Mohit Kumar
April 10, 2018

Can you get hacked just by clicking on a malicious link or opening a website? YES.

Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website.

Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016.

An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker.

All these five vulnerabilities in Windows Microsoft Graphics were discovered and responsibly disclosed by Hossein Lotfi, a security researcher at Flexera Software.

    CVE-2018-1010
    CVE-2018-1012
    CVE-2018-1013
    CVE-2018-1015
    CVE-2018-1016

Windows Microsoft Graphics is also affected by a denial of service vulnerability that could allow an attacker to cause a targeted system to stop responding. This flaw exists in the way Windows handles objects in memory.

Microsoft has also disclosed details of another critical RCE vulnerability (CVE-2018-1004), which exists in Windows VBScript Engine and affects all versions of Windows.

    "In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website," Microsoft explains.

    "An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine."


Besides this, Microsoft has also patched multiple remote code execution vulnerabilities in Microsoft Office and Microsoft Excel, which could allow attackers to take control of the targeted systems.

The security updates also include patches for six flaws in Adobe Flash Player, three of which were rated critical.

Rest CVE-listed flaws has been addressed in Windows, Microsoft Office, Internet Explorer, Microsoft Edge, ChakraCore, Malware Protection Engine, Microsoft Visual Studio, and the Microsoft Azure IoT SDK, along with bugs in Adobe Flash Player.

Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates.
"The State is a body of armed men."

Offline K-Dog

  • Administrator
  • Sous Chef
  • *****
  • Posts: 2379
    • View Profile
    • K-Dog
Re: Warning: Your Windows PC Can Get Hacked by Just Visiting a Site
« Reply #1 on: April 11, 2018, 10:22:39 PM »
Maybe some people want to get hacked?

 :cwmddd:
Under ideal conditions of temperature and pressure the organism will grow without limit.

 

Related Topics

  Subject / Started by Replies Last post
5 Replies
880 Views
Last post January 06, 2016, 11:09:57 PM
by K-Dog
0 Replies
362 Views
Last post November 01, 2016, 05:37:51 PM
by Palloy
0 Replies
187 Views
Last post February 07, 2017, 04:00:20 PM
by Palloy2