Microsoft Patch Tuesday plugs another 68 holes

Posted on Wednesday, May 09 2018 @ 12:50 CEST by Thomas De Maesschalck

Yesterday the monthly dose of Patch Tuesday injections arrived. This time, Microsoft issued a total of 68 patches, of which 21 are rated as critical. At least two vulnerabilities are actively exploited in the wild, so it's best to update ASAP.

One of the more serious vulnerabilities concerns a Windows VBScript Engine flaw, it allows exploitation by merely visiting a webpage in Edge or Internet Explorer:

Hackers – including nation-state agents – are already abusing this programming cockup right now to compromise computers in the wild and spy on targets. The flaw was discovered and reported by Anton Ivanov and Vladislav Stolyarov of Kaspersky Lab, as well as Ding Maoyin, Jinquan, Song Shenlei, and Yang Kang of Qihoo 360 Core Security.

"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website," Microsoft noted.

More at The Register.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!