Skip to main content

May Patch Tuesday Fixes Two Bugs Under Active Attack

posted onMay 8, 2018
by l33tdawg

Microsoft’s May Patch Tuesday fixes include two critical remote code-execution vulnerabilities, both of which are under active attack.

The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website.

“A user need only visit a malicious website to have attacker-control code execute on their machine,” according to Microsoft’s description of the bug (CVE-2018-8174). The flaw could also be used in conjunction with a malicious ActiveX control marked “safe for initialization” in an app, Office Doc or within IE’s rendering engine, Microsoft said.

Source

Tags

Microsoft Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th