Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Just one page access, Windows PC can also be hacked
Microsoft has released a patch Patch Tuesday fixes many critical vulnerabilities on Windows and other products, five of which allow attackers to hack computers when users only need to access a website.
These five critical vulnerabilities are included in the Windows Graphics Component, due to improper handling of embedded fonts of Windows font libraries and affecting all Windows versions, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008/2012/2016.
Users just need to open the file or access the website using poisoned font, when opening on the browser will make the hacker take control of the machine. All five of these vulnerabilities were discovered and reported by researcher Hossein Lotfi at Flexera Software.
- CVE-2018-1010
- CVE-2018-1012
- CVE-2018-1013
- CVE-2018-1015
- CVE-2018-1016
Windows Microsoft Graphics is also affected by a denial of service attack, causing the victim's computer to stop responding. This error is caused by the way Windows handles objects in memory.
In addition, Microsoft also announced details of the critical RCE vulnerability (CVE-201801994) in Windows VBScript Engine and affects all versions of Windows.
Just one page access, Windows PC can also be hacked Picture 1
Many serious holes were patched in the third update
'In the Web-based attack scenario, the attacker hosts a website specifically designed to exploit the vulnerability through Internet Explorer and then make the site accessible to users,' Microsoft explained. 'An attacker can embed the embedded ActiveX Control as' safe 'in an Microsoft Office application or file with an IE rendering engine.'
In addition, Microsoft also patched many vulnerabilities in remote code execution in Microsoft Office and Excel, patched six bugs in Adobe Flash Player, three of which were considered serious.
The remaining errors belong to Windows, Microsoft Office, Internet Explorer, Microsoft Edge, ChakraCore, Malware Protection Engine, Microsoft Visual Studio, and Microsoft Azure IoT SDK, along with errors on Adobe Flash Player
Users should update the patch as quickly as possible by going to Settings> Update and Security> Windows Update> Check for Updates.
See more:
- Instructions for installing Windows 10 Spring Creators Update
- How to enable redirection blocking to malicious websites on Google Chrome
- Update Teamviewer now if you don't want to be hacked
Isabella HumphreyYou should read it
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- Microsoft releases new Patch Tuesday update for Windows 10
- Download an emergency Windows patch right away, fix two critical vulnerabilities, affecting every Windows version
- Patch Tuesday security patch causes blue screen errors and slows down Windows 10
- Update the latest patch for Windows XP to prevent dangerous security risks
- Microsoft released an updated patch for 25 critical security holes
- Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
- 5 best patch management and monitoring software
- Microsoft patched a series of serious bugs for IE and Office next Tuesday
- Do not rush to update Patch Tuesday for November 2021 because it causes printer errors on Windows 10 again
- Update KB5013943 fixes screen flickering and problems with .NET apps on Windows 11
- Windows XP has the last patch before being killed
Maybe you are interested
How to Enable and Disable Tabs in File Explorer on Windows 11
5 macOS Sequoia Features Not Available on Windows 11
Why does Windows operating system have such a bad reputation?
Quickly fix Unmountable Boot Volume error on Windows 10/11
15 safe software and application download websites for Windows
How to Fix Clipboard History Error in Windows 11 Latest Update
Attack the network
Vietcombank's website was hacked, showing two poetic sentences about student life- JavaScript takes user data via the 'Sign in with Facebook' feature
- The new algorithm can prevent cyber-attacks on GPS devices
- Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
- Warning: new code of virtual money digging is available via Facebook Messenger
- Hackers found a way to bypass Microsoft Office 365 Safe Links
Vietcombank's website was hacked, showing two poetic sentences about student life
JavaScript takes user data via the 'Sign in with Facebook' feature
The new algorithm can prevent cyber-attacks on GPS devices
Detecting zero-day vulnerabilities in Internet Explorer helps hackers gain control of the computer
Warning: new code of virtual money digging is available via Facebook Messenger
Hackers found a way to bypass Microsoft Office 365 Safe Links