Microsoft's Patch Tuesday fixes zero-day exploit and privilege escalation vulnerability

Cesar Mills
May 10, 2018

It allows attackers to run arbitrary code in kernel mode, meaning they could fully compromise any vulnerable system, install malware and steal all data.

"May comes in with 68 CVEs total including 21 rated "Critical", 44 rated "Important", and three rated "Low", said Sigler.

Microsoft unveiled its new cross-device content sharing app Your Phone during its developer conference this week, and it was one of the few new noteworthy consumer-facing highlights for the company.

Adobe also issued a patch for CVE-2018-4944, which allows for arbitrary code execution (at user level) if exploited. In addition to patching the Internet Explorer zero-day, Microsoft addressed another vulnerability that was under attack: a privilege elevation vulnerability, discovered by ESET senior malware researcher Anton Cherepanov, that involves Win32K component that fails to properly handle objects in memory.

EBay to relaunch in India post Flipkart-Walmart big billion deal
The exit from Flipkart comes soon after Naspers raised $9.8 billion by selling a 2% stake in China's Tencent Holdings. Founded in 2007 by two college friends and former Amazon employees, Flipkart began life as an online bookseller.

Detective Work By Researchers Find New Cure For Baldness
In lab experiments the osteoporosis drug had a dramatic effect on donated follicles, stimulating them to sprout growing hairs. However, they decided not to go ahead with its application as a hair growth stimulator owing to its other side effects.

Braun Wins Republican US Senate Primary
President Donald Trump welcomed the results in a Wednesday morning tweet , calling it a "great night" for the Republican Party. Trump often promises supporters he will "drain the swamp" in Washington, referring to career politicians and lobbyists.

The arrival of .NET Core 3 in 2019 targets support for Windows Forms, Windows Presentation Framework and UWP (Universal Windows Platform) desktop applications via desktop packs and ability to run several instances of.NET on the same machine. Bad news then, for those logged in as administrators who are affected by the bug - complete control can easily be gained by the hackers. They include both 32-bit and 64-bit versions of Windows 7 and Windows Server 2008. The flaw in Windows 10 and Windows Server, designated CVE-2018-8170, had been publicly reported but has not yet been seen in in-the-wild attacks. "An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process", according to Microsoft's security alert.

Microsoft has also released a fix for a bypass vulnerability in a Windows security feature called Device Guard that notably affects devices in Windows 10 S locked-down mode. The flaw, CVE-2018-8120, has been exploited in the wild, but neither Microsoft nor ESET has provided details about the exploitation.

For more information about the remaining security bulletins for May Patch Tuesday, visit Microsoft's Security Update Guide. Windows 10 April 2018 Update began rolling out last week, and it's not far-fetched to say that it marks a massive step towards a complete transition to a brand new design language.

Other reports by GizPress

Discuss This Article