Microsoft yesterday released its regular set of
Patch Tuesday Cumulative Updates for all Windows versions.
The company released Cumulative Update which contained bug
fixes and performance improvements. The Cumulative Updates
released have brought fixes for 67 vulnerabilities which were
Out of the 67 Vulnerabilities, 21 vulnerabilities have been
assigned as “Critical” and have received the important fixes.
Microsoft has made sure that they fix most of the critical bugs
in the Patch Tuesday update roll out.
Microsoft has addressed a security issue with the scripting
engine and Internet Explorer which are the most vulnerable to
attacks. The vulnerability is expected to corrupt the memory
which give the attacker the option to execute an arbitrary
code. The attacker can get full administrative rights if the
current user is logged in as administrator by getting full
control of the affected system allowing him to install, edit
and delete programs and contents or data.
“If the current user is logged on with administrative user
rights, an attacker who successfully exploited the
vulnerability could take control of an affected system. An
attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights,” the
The other scenario is web based which can be exploited by the
attacker by hosting a website designed to exploit the Internet
Explorer vulnerability and has the ability to convince the user
to view the website. This grants the attacker full control of
the system. These are addressed as Remote Code Execution and
the vulnerability has been found to be affecting
all version of Windows.
Microsoft is also fixing another vulnerability which existed in
Windows 7 SP1 giving the attacker access to run arbitrary code
in kernel mode. By running the arbitrary code in kernel mode
the attacker gets rights to install programs, view, edit or
delete data with the help of full user rights.
“To exploit this vulnerability, an attacker would first have to
log on to the system. An attacker could then run a specially
crafted application that could exploit the vulnerability and
take control of an affected system,” Microsoft explained the
vulnerability labelled CVE-2018-8120.
This vulnerability would expose the browsers to the attackers
and hence Microsoft has made sure to push as many as 18 patches
for the browsers this month.
The company requests the users to install the latest cumulative
updates pushed out yesterday for all its Windows versions to
stay safe and secure. In Windows 10, you can install the
updates from Settings -> Update & Security -> Windows