What is the Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker.

All these five vulnerabilities in Windows Microsoft Graphics were discovered and responsibly disclosed by Hossein Lotfi, a security researcher at Flexera Software.
CVE-2018-1010
CVE-2018-1012
CVE-2018-1013
CVE-2018-1015
CVE-2018-1016

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1013
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1015
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1016
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8116 Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1010 (Links to External Site)

What Do You Think on This ? Say Here