Microsoft Patch Tuesday has released security patches for two zero-days vulnerability among the total 67 vulnerabilities and two publicly disclosed bugs. The zero-day patches have been actively exploited by cybercriminals.
Microsoft is confronting 21 vulnerabilities which are considered as critical, 42 as important, and 4 as low severity. The security patch updates deal with security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Exchange Server, Outlook, .NET Framework, Microsoft Hyper-V, ChakraCore, Azure IoT SDK etc.
1) Double Kill IE 0-day Vulnerability
The first zero-day vulnerability which is known as CVE-2018-8174 under active attack is a critical remote code execution flaw that has affected all supported versions of Windows operating systems. This was revealed last month by a Chinese security firm called Qihoo 360.
This vulnerability has been nicknamed by the researchers as “Double Kill” which is conspicuous and requires rapid attention as it permits a hacker to remotely take control of an affected system by executing malicious code remotely through different methods which includes a compromised website, or malicious Office documents.
This vulnerability is a use-after-free issue that stays in the way the VBScript Engine (included in all currently supported versions of Windows) handles objects in computer memory, allowing the intruders to run codes with the same privileges of a logged-in user.
As per the advisory report of Microsoft, “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.”
It is the users with administrative rights more affected than the users with limited rights, because the attackers who make use of the vulnerability is able to take control of an affected system.
But this does not mean that low-privileged users are not affected because if a user is logged in to an affected system with more limited rights, attackers will be able to surge their privileges by exploiting a separate vulnerability.
The researchers from Qihoo 360 and Kaspersky Labs discovered that the vulnerability was actively being exploited in the wild by an advanced hacking group in targeted attacks, but more information on the threat group is not revealed.
2) Win32k Elevation of Privilege Vulnerability
The second zero-day vulnerability which is known as CVE-2018-8120 has been patched this month and is a privilege-escalation flaw that occurred in the Win32k component of Windows when it fails to properly handle objects in computer memory.
If this vulnerability is exploited properly by an attacker they could execute arbitrary code in kernel mode, finally allowing them to install programs or malware; view, edit or delete data; or create new accounts with full user rights.
This vulnerability is considered as “important,” and only affects Windows 7, Windows Server 2008 and Windows Server 2008 R2. The issue has actively been exploited but more details regarding the exploits are not disclosed.
Two Publicly Disclosed Flaws
Microsoft also inscribed two main Windows vulnerabilities the details of which are already made public.
They are a Windows kernel flaw (CVE-2018-8141) that could lead to information disclosure, and a Windows Image bug (CVE-2018-8170) that could lead to Elevation of Privilege.
Besides these the May 2018 updates resolve 20 more critical issues, including memory corruptions in the Edge and Internet Explorer (IE) scripting engines and remote code execution (RCE) vulnerabilities in Hyper-V and Hyper-V SMB.
The users are strongly recommended to install security updates at the earliest to protect themselves against the active attacks in the wild.