Microsoft yesterday released its regular set of Patch Tuesday cumulative updates for all Windows versions. The updates contain bug fixes and performance improvements, along with fixes for 67 reported vulnerabilities.
Of the 67 vulnerabilities, 21 have been rated “Critical” and have received fixes. Microsoft has made sure that most of the critical bugs are fixed in this Patch Tuesday rollout.
Microsoft has addressed a security issue affecting the scripting engine and Internet Explorer, which are the most vulnerable to attacks. The vulnerability can corrupt memory in a way that lets an attacker execute arbitrary code. If the current user is logged in as an administrator, the attacker can gain full control of the affected system, allowing them to install, edit and delete programs and data.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the company explained in CVE-2018-8174.
The other scenario is web-based: an attacker hosts a website designed to exploit the Internet Explorer vulnerability and convinces the user to view it. This grants the attacker full control of the system. These issues are classified as Remote Code Execution, and the vulnerability has been found to affect all versions of Windows.
Microsoft is also fixing another vulnerability in Windows 7 SP1 that lets an attacker run arbitrary code in kernel mode. By running arbitrary code in kernel mode, the attacker can install programs and view, edit or delete data with full user rights.
“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system,” Microsoft said of the vulnerability labelled CVE-2018-8120.
This vulnerability would expose browsers to attackers, and hence Microsoft has pushed as many as 18 patches for the browsers this month.
The company asks users to install the latest cumulative updates, pushed out yesterday for all Windows versions, to stay safe and secure. In Windows 10, you can install the updates from Settings -> Update & Security -> Windows Update.