Just one page access, Windows PC can also be hacked

Just click the malicious link or open a website, your computer can be hacked.

Microsoft has released a patch Patch Tuesday fixes many critical vulnerabilities on Windows and other products, five of which allow attackers to hack computers when users only need to access a website.

These five critical vulnerabilities are included in the Windows Graphics Component, due to improper handling of embedded fonts of Windows font libraries and affecting all Windows versions, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008/2012/2016.

Users just need to open the file or access the website using poisoned font, when opening on the browser will make the hacker take control of the machine. All five of these vulnerabilities were discovered and reported by researcher Hossein Lotfi at Flexera Software.

  1. CVE-2018-1010
  2. CVE-2018-1012
  3. CVE-2018-1013
  4. CVE-2018-1015
  5. CVE-2018-1016

Windows Microsoft Graphics is also affected by a denial of service attack, causing the victim's computer to stop responding. This error is caused by the way Windows handles objects in memory.

In addition, Microsoft also announced details of the critical RCE vulnerability (CVE-201801994) in Windows VBScript Engine and affects all versions of Windows.

Just one page access, Windows PC can also be hacked Picture 1Just one page access, Windows PC can also be hacked Picture 1
Many serious holes were patched in the third update

'In the Web-based attack scenario, the attacker hosts a website specifically designed to exploit the vulnerability through Internet Explorer and then make the site accessible to users,' Microsoft explained. 'An attacker can embed the embedded ActiveX Control as' safe 'in an Microsoft Office application or file with an IE rendering engine.'

In addition, Microsoft also patched many vulnerabilities in remote code execution in Microsoft Office and Excel, patched six bugs in Adobe Flash Player, three of which were considered serious.

The remaining errors belong to Windows, Microsoft Office, Internet Explorer, Microsoft Edge, ChakraCore, Malware Protection Engine, Microsoft Visual Studio, and Microsoft Azure IoT SDK, along with errors on Adobe Flash Player

Users should update the patch as quickly as possible by going to Settings> Update and Security> Windows Update> Check for Updates.

See more:

  1. Instructions for installing Windows 10 Spring Creators Update
  2. How to enable redirection blocking to malicious websites on Google Chrome
  3. Update Teamviewer now if you don't want to be hacked
5 ★ | 2 Vote