Patch Tuesday: Microsoft fixes two critical Windows bugs

9 May 2018

Microsoft performed first aid on a series of vulnerabilities. Image: 5 Second Studio

Microsoft’s latest Patch Tuesday has issued a number of fixes for Windows bugs.

While Microsoft’s Build event has been dominating the news over the past few days, the company’s most recent Patch Tuesday release has fixed some pretty serious bugs.

Of the 68 total patches, two address major bugs that had already been exploited in the real world. 21 patches were rated critical, 45 were rated important and two were named as low-security flaws.

According to an advisory issued by Microsoft, two of the Windows vulnerabilities addressed in the latest Patch Tuesday are being actively exploited in the wild to install malicious applications on the machines of oblivious users.

Two serious flaws

The first flaw is formally known as CVE-2018-8174 and was discovered by Kaspersky Lab. This particular vulnerability is located in the VBScript Engine, which is included in all supported iterations of Windows. It is a ‘use after free’ flaw in the way the engine handles objects in memory, and it allows attackers to execute code. This code then runs with the same privileges as the logged-in user on the system. Bad news, then, for those logged in as administrators who are affected by the bug – complete control can easily be gained by the hackers.

The target receives a malicious Rich Text Format document which, once opened, causes a page of HTML with malicious code to be downloaded. The use-after-free bug is then triggered, shellcode is downloaded and a malicious payload is executed. This allowed attackers to force Internet Explorer to load, no matter what browser the target was already using. Microsoft said attackers could exploit this bug by hosting an exploit in website ads or on a website, conning people into viewing malicious content within the Internet Explorer browser.

The other vulnerability is a privilege-escalation flaw in the Win32k component of Windows, which could allow attackers to run arbitrary code in kernel mode, opening the door for them to install programmes, view and delete data, or create new user accounts.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
