Microsoft fixes vulnerabilities in Windows with latest Patch Tuesday update

105
Windows 10 for Desktop
Image Courtesy: Fortune.com

Microsoft yesterday released Patch Tuesday updates for all its
versions of Windows operating system with bug fixes and
performance improvements. The Redmond Giant has addressed
vulnerabilities present in several versions of Windows 10 and
as well as the other products.

The company released Patch Tuesday update for its previous
version April 2018 Update for Windows 10 users. The company
fixed a total of 60 security vulnerabilities found in the
previous version of the OS.

The most important security flaw affects Windows shell, which
could allow the attacker to run arbitrary code in the context
of the current user, only if the vulnerability
is exploited.

“To exploit the vulnerability, an attacker must entice a user
to open a specially crafted file. In an email attack scenario,
an attacker could exploit the vulnerability by sending the
specially crafted file to the user and then convincing the user
to open the file. In a web-based attack scenario, an attacker
could host a website (or leverage a compromised website that
accepts or hosts user-provided content) that contains a
specially crafted file designed to exploit the vulnerability.
An attacker would have no way to force a user to visit the
website. Instead, an attacker would have to convince a user to
click a link and open the specially crafted file,” the company
explains.

Another flaw which is termed as “Scripting Engine Memory
Corruption Vulnerability” is a remote code execution
vulnerability, it could allow users to execute arbitrary code
in the context of the current user.

This vulnerability affects users who still use Internet
Explorer and browser websites with malicious content.

“In a web-based attack scenario, an attacker could host a
specially crafted website that is designed to exploit the
vulnerability through Internet Explorer and then convince a
user to view the website. An attacker could also embed an
ActiveX control marked “safe for initialization” in an
application or Microsoft Office document that hosts the IE
rendering engine. The attacker could also take advantage of
compromised websites and websites that accept or host
user-provided content or advertisements. These websites could
contain specially crafted content that could exploit the
vulnerability,” the company writes.

Microsoft has also included fixes to address Intel CPUs
vulnerabilities, Adobe Flash Player and as well as the Office
vulnerabilities.



i am as a writer and blogger...


Leave a Reply

Your email address will not be published. Required fields are marked *