Skip to main content

May Patch Tuesday Fixes Two Bugs Under Active Attack

posted onMay 8, 2018
by l33tdawg
https://media.kasperskycontenthub.com/wp-content/uploads/sites/31/2017/05/06224854/Microsoft-patch-tuesday-end.jpg

Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack.

The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website.

“A user need only visit a malicious website to have attacker-control code execute on their machine,” according to Microsoft’s description of the bug (CVE-2018-8174). The flaw could also be used in conjunction with a malicious ActiveX control marked “safe for initialization” in an app, Office Doc or within IE’s rendering engine, Microsoft said.

Source

Tags

Microsoft Security

You May Also Like

Recent News

Monday, May 21st

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd