Microsoft yesterday released Patch Tuesday updates for all its versions of Windows operating system with bug fixes and performance improvements. The Redmond Giant has addressed vulnerabilities present in several versions of Windows 10 and as well as the other products.
The company released Patch Tuesday update for its previous version April 2018 Update for Windows 10 users. The company fixed a total of 60 security vulnerabilities found in the previous version of the OS.
The most important security flaw affects Windows shell, which could allow the attacker to run arbitrary code in the context of the current user, only if the vulnerability is exploited.
“To exploit the vulnerability, an attacker must entice a user to open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file,” the company explains.
Another flaw which is termed as “Scripting Engine Memory Corruption Vulnerability” is a remote code execution vulnerability, it could allow users to execute arbitrary code in the context of the current user.
This vulnerability affects users who still use Internet Explorer and browser websites with malicious content.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability,” the company writes.
Microsoft has also included fixes to address Intel CPUs vulnerabilities, Adobe Flash Player and as well as the Office vulnerabilities.