Over Dozen Critical Vulnerabilities Patched by Microsoft


Yesterday, Microsoft released its latest security patch which fixed a total of 75 flaws, including more than a dozen critical vulnerabilities affecting the Internet Explorer and Edge web browsers.

This month, the security experts rated critical all the security holes which affected the web browsers. Most of the issues have been described as remote code execution flaws which exist due to the way browser scripting engines handle objects in memory.

According to the researchers, the only critical vulnerability which cannot be exploited for arbitrary code execution can lead to disclosure of information that can be leveraged to further hack of the targeted system.

Two of the vulnerabilities patched by Microsoft have been publicly disclosed before even being released, however, they are only rated as “important,” and no evidence of malicious exploitation has been found.

The above-mentioned bugs are a denial-of-service (DoS) issue in ASP.NET and a privilege escalation in Exchange.

The Zero Day Initiative (ZDI) pointed out that the Exchange vulnerability exists in the Outlook Web Access (OWA) component and it can be exploited for phishing attacks.

The other privilege of the escalation flaw is that it affects the Windows installer and lets an authenticated attacker run arbitrary code with elevated permissions.

“At first glance, this doesn’t seem very crucial since an attacker would need the ability to run programs on a target system to exploit this vulnerability,” ZDI writes. “However, this type of bug is often used by malware authors to “piggyback” their malicious code on top of innocuous code. It’s always easier to convince someone to install ‘GreatNewGame.exe’ instead of ‘EvilMalware.exe’.”

The CVE-2018-0886 vulnerability is another remote code execution bug which affects the Credential Security Support Provider (CredSSP) protocol. In order to eliminate all the potential threats, PC users should apply the latest Microsoft’s patch making some settings changes as well.

The latest Microsoft’s security updates also fix vulnerabilities in Hyper-V, Access, SharePoint, Identity Manager, and Windows. In addition, the company has updated all the Flash Player components in its products to address a couple of vulnerabilities that Adobe fixed yesterday.

Nelly Vladimirova
Nelly Vladimirova has been working as a journalist since 1998 with a main focus on Finance, Economics, and IT. In 2004 she graduated the University of Plovdiv, Bulgaria, as a Bachelor in English Philology and Master in Linguistics and Translation. Later, Nelly received a postgraduate certificate in Business Management from Scott's College, UK. Presently, she is presenting the latest news related to computer security at www.virusguides.com.


Please enter your comment!
Please enter your name here

Time limit is exhausted. Please reload CAPTCHA.