Patch Tuesday May 2018

BeyondTrust Research Team
May 9th, 2018

patch tuesday

Welcome back to this month’s Microsoft Patch Tuesday. With 67 vulnerabilities in total, 21 critical – including one flaw that is actively being exploited in the wild. The Windows scripting engine was being exploited to execute code remotely on the system with the security context of the current user. This exploit was not publicly being disclosed prior to patching.

Internet Explorer and Edge

Microsoft’s browsers received their usual amount of attention in this month’s round of patches. Of the vulnerabilities for the browsers, 18 of them were marked as Critical. Microsoft also has indicated that the vulnerabilities are likely to be targeted for exploitation. None of these vulnerabilities have been known to be exploited in the wild.

Kernel

Windows Kernel returns to Patch Tuesday with a round of fixes. None of the vulnerabilities in Windows Kernel were rated as Critical. However, one vulnerability in the kernel was being exploited to elevate the privileges of a user. Attackers exploiting these vulnerabilities may be able to glean information leaked from objects in memory being mishandled, as well as elevate their privileges.

Office

Office also received the usual round of fixes. None of the vulnerabilities in Office were rated Critical. Attackers leveraging these vulnerabilities would be able to remotely execute code with privileges equal to that of the current user. Exercising the principals of least privilege will help protect against these types of vulnerabilities.

Adobe Flash Player

Adobe Flash Player received a fix for a Critical vulnerability. The vulnerability allowed for attackers to remotely execute code on the affected system. The attacker would have privileges equal to that of the affected application.

.NET Framework

Microsoft’s .NET Framework received a host of fixes. None of the patched vulnerabilities were rated Critical. An attacker leveraging these vulnerabilities could cause Denial of Service conditions, and bypass security features.

Scripting Engine

Microsoft’s Scripting Engine contained a vulnerability that was actively being exploited. The VBScript Engine contained a remote code execution vulnerability that had not been disclosed prior to being patched. A user needs only visit a malicious website to have the attacker’s code be executed on their machine. Microsoft rated this vulnerability as Critical. Other vulnerabilities fixed in the engine resulted in Denial of Service and Information leaks.

BeyondTrust Research Team

The BeyondTrust Research Team is known for identifying new trends in enterprise security, including some of the very first critical Microsoft security vulnerabilities. By providing in-depth research analysis of the latest and cutting-edge vulnerabilities, the team’s goal is to educate our customers on the evolving threat landscape while shaping the future of BeyondTrust’s privilege and vulnerability management solutions.