Patch Tuesday: Microsoft fixes two critical Windows bugs

The vulnerable version is 29.0.0.140, which requires an update to 29.0.0.171.

Microsoft's May vulnerability count reaches 68 CVEs, 21 of which are rated critical, 45 important, and only two low impact. However, it also explains the bug can be exploited through Internet Explorer.

"Exchange server has several vulnerabilities being resolved this month", he said.

The bad news, however, is that this security flaw can force Internet Explorer to load - even if it is not the default browser - and that it is already being actively exploited.

"Despite a Word document being the initial attack vector, the vulnerability is actually in VBScript, not in Microsoft Word".

Security experts recommend all Windows users - individuals and businesses alike - patch this flaw as quickly as possible. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.

The patch follows an alarm raised in April by researchers at Qihoo 360 Core Security that well-resourced hackers were using a then-suspected IE zero-day flaw to infect Windows PCs on a "global scale".

Also on Tuesday, Microsoft patched a privilege elevation vulnerability in Win32k, a critical system file built into Windows. "An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system", Microsoft notes.

The flaw was discovered and reported to Microsoft by Anton Cherepanov, a senior malware researcher at ESET, Microsoft says. They include both 32-bit and 64-bit versions of Windows 7 and Windows Server 2008.

As noted above, Microsoft hasn't yet acknowledged any issues with a cumulative update for Windows 10 version 1803.

Have you experienced any issues with the Windows 10 April 2018 Update on a system running an Intel SSD? This particular vulnerability is located in the VBScript Engine, which is included in all supported iterations of Windows.

The problem doesn't seem to affect everyone, as some users have also said that their devices are fine, but the problem is widespread enough for users to be concerned.

"An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process", according to Microsoft's security alert.

Anyway, those who did experience the issue needed to boot Windows 10 into safe mode via a CD or USB installer, try uninstalling the update, restoring back to the Fall Creators Update or restoring via a system restore point.

You can install KB4103721 automatically by going to Settings > Update & Security > Windows Update and hitting the "Check for updates" button.

Microsoft has halted distribution of the Windows 10 April 2018 Update for owners of systems with specific Intel SSDs; the combo of the operating system update and the Intel SSDs can result in a boot loop.
