Sci-tech

Microsoft resolves zero-day exploits on May Patch Tuesday

Microsoft resolves zero-day exploits on May Patch Tuesday

Fluent Design, Microsoft's new design elements, also make an appearance. Intel does deliver its own custom drivers for some products, so there is a chance that the fix may require a combination of a new Intel driver along with changes from Microsoft.

"Despite a Word document being the initial attack vector, the vulnerability is actually in VBScript, not in Microsoft Word", Kaspersky Lab researchers say. Microsoft said the search window will now open wider to allow a broader range of content to display.

"Listed as "Exploitation Detected", it is recommended to test and deploy the fix for CVE-2018-8174 to address how scripting engine handles memory objects - this should capture immediate attention", added Langston. It has been assigned the vulnerability identifier CVE-2018-1039. As such, until Microsoft or Intel provides a list of specific models, it might be wise to roll back your operating system to 1709 if you have an Intel SSD.

"Two Microsoft vulnerabilities this month are known to be exploited in the wild".

"A malicious container could allow an attacker to execute arbitrary code on any system installing (or "pulling") the container", explained Trustwave threat intelligence manager, Karl Sigler. The flaw in Windows 10 and Windows Server, designated CVE-2018-8170, had been publicly reported but has not yet been seen in in-the-wild attacks.

There is one advisory for Flash Player, ADV180008, referencing CVE-2018-4944 from Adobe's APSB18-16 bulletin for Flash Player.

More news: World Bank denies Nawaz Sharif laundered $4.9 bn to India
More news: Telstra stops selling ZTE devices amid US Govt crackdown
More news: Cabin Smoke Forces Delta to Evacuate Plane

The IE attacks were revealed in April by the Qihoo 360 Core Security team, which said a "double kill" vulnerability bundled with malicious Office documents was being used to compromise IE users on a "global scale".

"An attacker who successfully exploited the vulnerability could gain the same user rights as the current user".

Now that Microsoft has shipped the April 2018 Update for Windows 10, it's moving full speed ahead to the next version of Windows, Redstone 5, due this fall.

Microsoft's May Patch Tuesday also provided two public disclosures for new vulnerabilities, including an information disclosure vulnerability in the Windows kernel, and privilege elevation bug in Windows Image.

First, however, some organizations may need to update their version of Windows to ensure they're still getting the latest cumulative and security updates. Microsoft this time, is quite focused on making the Universal Windows Platform (UWP) apps adaptable to all kinds of input, whether touch screens or keyboard and mouse as presently the apps are designed more for touch inputs.