Microsoft Patch Tuesday for April 2018:
Microsoft patches 66 bugs and 24 of them were rated as critical. Among that 24 critical bug, a bug in the SharePoint is noted as worthy of attention. CVE-2018-1034, privilege elevation bug in the SharePoint. “An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server,” Microsoft said. They also warned users of five Graphics Remote Code Execution bugs (CVE-2018-1010, -1012, -1013, -1015, -1016) knotted to the Windows Font Library. “Each of these patches covers a vulnerability in embedded fonts that could allow code execution at the logged-on user level. Since there are many ways to view fonts – web browsing, documents, attachments – it’s a broad attack surface and attractive to attackers,” Zero Day Initiative team noted.