May 2018 Patch Tuesday - Medium Weight, However One Active Exploit Needs Attention

Microsoft resolves zero-day exploits on May Patch Tuesday

May Patch Tuesday Fixes Two Bugs Under Active Attack

One of the most interesting developments about Microsoft's May Patch Tuesday is that it fixes include two critical remote code-execution vulnerabilities, both of which are under active attack. Build 2018 is going strong and Joe Belfiore made some exciting announcements.

The second vulnerability, a privilege-escalation flaw in the Win32k component of Windows that is also being actively exploited, allows an attacker to run arbitrary code in kernel mod. For example, an attacker could convince a user to visit a malicious or compromised web page or entice them to open an Office document containing a maliciously-crafted ActiveX control.

The main issue that Microsoft faces with the introduction of Sets is that Alt-Tab would not really catch all the programs open in a Set as it would be identified as a single window.

Senate to IGP: Stop holding onto straw, you've failed in your duties
He said he later found out the police chief had travelled to Kaduna instead of honouring the Senate's invitation. This is the third time the IGP ...

Microsoft has announced it is testing a new feature that lets Windows 10 users access content on their smartphone without touching it. CVE-2018-0961 addresses abuse of vSMB packets, while CVE-2018-0959 could allow arbitrary code execution on the host from a guest OS.

"What we [Gartner] expect is that enterprises will get to the 85%-90% level by the deadline", Kleynhans said of the percentage of corporate devices shifted to Windows 7, "maybe even a little higher than that". Search Previews can also be used to get quick answers to trivial questions like "are bananas good for you?" or "height of mt. Everest".

Microsoft has expanded Search previews as of build 17666 to support apps, documents and more. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights".

Iran fires rockets into Golan Heights, Israelis say
Conricus said early Thursday that the rocket barrage was "the most severe attempt" by Iran's Al Quds force to attack Israel . Russia's support for the Assad regime in Syria and its relationship with Tehran present worrying possibilities for Israel .

If an attacker can't gain privileged access, they could exploit an elevation of privilege bug such as the other CVE being exploited in the wild: CVE-2018-8120, which features in older versions of Windows (Win7, Server 2008, Server 2008 R2).

However, it appears that something buried in this month's Patch Tuesday is now stopping machines from booting after the update has been installed. On its way doesn't also mean that we know precisely when it will reach its destination, but nonetheless, the news is still exciting.

"To exploit this vulnerability, an attacker would first have to log on to the system", according to Microsoft's security advisory.

Armor Wars Redux? Original IRON MAN Movie Armor Lost, Police Investigation Underway
But, these films are often made on high budgets, which requires expensive technology and costumes. According to LA Times , LAPD is now investigating the mysterious case of the missing suit.

Latest News