Microsoft has finally released patches for almost 67 vulnerabilities, including two critical zero-day flaws.
Since last year, Microsoft has addressed 67 vulnerabilities in its products.
Of these, 21 are marked critical, 42 are rated important, and 4 are low severity.
The patches fix products including Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Office Exchange Server, Microsoft Edge, Outlook, .NET Framework, Microsoft Hyper-V, Azure IoT SDK and more.
Microsoft has finally weeded out two critical zero-day flaws that can be exploited in the wild by attackers.
1. IE Zero-Day “double kill” flaw
This zero-day is treated as the most critical RCE (Remote Code Execution) flaw. It was revealed by the Chinese security research team at Qihoo 360.
According to Microsoft's security researchers:
CVE-2018-8174 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Security researchers at Qihoo 360 said:
We found that it is the first APT (Advanced Persistent Threat) campaign that forms its attack with an Office document embedding a newly discovered Internet Explorer 0-day exploit. As soon as anyone opens the malicious document, they get infected and give away control of their computers.
Attackers can gain full access by sending malicious documents with the RCE exploit embedded; the exploit gives the attacker full access when the user opens the document.
2. CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability.
The second critical zero-day flaw is in the Windows Win32k component. It occurs when Win32k fails to properly handle objects in memory.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how Win32k handles objects in memory, said Microsoft officials.