What is the Vulnerability
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Microsoft has patched five critical vulnerabilities in the Windows Graphics Component. They stem from improper handling of embedded fonts by the Windows font library and affect all versions of the Windows operating system to date, including Windows 10 / 8.1 / RT 8.1 / 7 and Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user into opening a malicious file or a specially crafted website containing the malicious font, which, if opened in a web browser, would hand control of the affected system to the attacker.
All five of these Microsoft Windows Graphics vulnerabilities were discovered and responsibly disclosed by Hossein Lotfi, a security researcher at Flexera Software.
The Microsoft advisories are available at:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8116
Vendor URL: portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010