Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Microsoft May 2018 Patch Tuesday Fixes 67 Security Issues, Including IE Zero-Day
#1
Quote:Microsoft published earlier today the Patch Tuesday security bulletin for May 2018, containing fixes for 67 security issues.

This month, Microsoft fixed security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, .NET Framework, Microsoft Exchange Server, Windows Host Compute Service Shim, and Microsoft Office and Microsoft Office Services and Web Apps.

Microsoft patches two zero-days
The biggest issue patched this month is a zero-day in Internet Explorer that has been abused by a cyber-espionage campaign earlier this month. The zero-day (CVE-2018-8174) affects not only IE but also any other projects that embed the IE web rendering engine. Microsoft credited researchers from both Qihoo 360 Core Security and Kaspersky Lab for discovering this issue.

The second zero-day is CVE-2018-8120, an elevation-of-privilege vulnerability in the Win32k component.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft says. But the flaw is not as dangerous as it sounds, as an attacker already needs a foothold on Windows systems to run his malicious code in the first place, to elevate his access rights.

Microsoft also patched CVE-2018-8141 (Windows Kernel Information Disclosure Vulnerability) and CVE-2018-8170 (Windows Image Elevation of Privilege Vulnerability), for which exploitation details became public. Despite info about these two flaws being published online, Microsoft says none were exploited in the wild.

Flash fixes also included
Last but not least, the Microsoft May 2018 Patch Tuesday also included a patch for an Adobe Flash Player vulnerability (CVE-2018-4944) that Adobe patched earlier today.

Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.

FULL ARTICLE: 

HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Microsoft Edge gets better security defaults on less popular sites tarekma7 0 737 08-08-2022 , 10:36 AM
Last Post: tarekma7
  Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws mrtrout 0 516 11-09-2021 , 10:20 PM
Last Post: mrtrout
  Google releases Chrome 90 with HTTPS by default and security fixes Imran 0 975 04-15-2021 , 03:00 PM
Last Post: Imran
  Hackers accessed Stormshield data, including source code of ANSSI certified products Bjyda 0 1,241 02-04-2021 , 11:48 PM
Last Post: Bjyda
  QNAP fixes even more serious security flaws on its NAS devices Bjyda 0 820 12-25-2020 , 12:45 AM
Last Post: Bjyda

Forum Jump:


Users browsing this thread: 1 Guest(s)