Microsoft resolves zero-day exploits on May Patch Tuesday

Microsoft resolved two zero-day exploits and two public disclosures, among more than 65 vulnerabilities affecting operating systems, browsers and Microsoft Office this May Patch Tuesday.

Administrators will have fewer zero-day exploits to worry about -- including the Double Kill vulnerability -- after rolling out the May Patch Tuesday updates.

The updates resolved the Double Kill vulnerability (CVE-2018-8174), which was discovered by security firm Qihoo 360 and affected all supported Windows operating systems. The critical vulnerability allowed an attacker to perform remote code execution in a variety of ways, such as through a compromised website, ads or Office documents.

"It gave a very wide number of attack possibilities in this case," said Chris Goettl, director of product management at Ivanti, based in South Jordan, Utah. "That would definitely make it so that the OS updates this month are a high priority."

A second zero-day exploit (CVE-2018-8120) resolved this month gave attackers the opportunity to exploit how Win32k handles objects in memory to elevate their privilege. In Windows 7, Windows Server 2008 and Windows Server 2008 R2, the attacker could run arbitrary code in kernel mode to view or edit data, create new accounts or install programs.

"If hypothetically an attacker were to use that Double Kill exploit on a Windows 7 box, but the user was a regular user, they could then use this attack, elevate their privilege level, and now they've got full control of the system," Goettl said.

The zero-day exploits are two of the more than 65 vulnerabilities overall that Microsoft addressed in the May Patch Tuesday updates, many of which affect operating systems, browsers and Office. Exchange administrators should note two patches, including one that addresses a spoofing vulnerability (CVE-2018-8153).

"[There's] an interesting one, an [Outlook Web Access] issue where somebody could perform an injection attack by crafting an email properly and then having a user access that in OWA," said Gill Langston, director of product management at Qualys, based in Redwood City, Calif.

Another Exchange patch addresses a memory corruption vulnerability (CVE-2018-8154), which an attacker could use to execute code.

Internet Explorer and Edge also have multiple high-priority patches again this month.

After addressing the zero-day exploits and the more critical patches, administrators should turn their attention to the patches that secure Hyper-V. One (CVE-2018-0961) fixes a flaw that allows a guest operating system to send Hyper-V packets to the host to compromise it. Another (CVE-2018-0959) addresses arbitrary code execution from a guest application on an operating system.

For more information about the remaining security bulletins for May Patch Tuesday, visit Microsoft's Security Update Guide.
