RSS Feed
News
May
14
Alert: Reported Microsoft Vulnerabilities
Posted by Kian Ng on 14 May 2018 05:15 PM

Dear users of Microsoft Windows Servers,

Microsoft has released multiple security patches to address vulnerabilities affecting its Operating System and other products, including two zero-days that have been observed to be actively exploited. If you have subscribed to Business Support, simply email to help@readyspace.com to request for the patching to be done. If you have not subscribed to Business Support, you can do the patching yourself or opt for our team to do it for you as a one-time Professional Service. 

Details of vulnerabilities:

1. The first, CVE-2018-8174, is a critical Remote Code Execution (RCE) vulnerability. Also dubbed as "Double Kill", which is a violated attempt to access memory after it has been freed. The issue resides in the way the VBScript Engine (included in all currently supported versions of Windows) handles objects in computer memory, corrupting memory in such a way that an attacker could execute arbitrary code in the context of the current user. This flaw allows an attacker to remotely take control of an affected system. The exploit could be delivered through malicious Office documents or links in emails that force the URL contents to be loaded in Internet Explorer.

 

2. The second, CVE-2018-8120 is a privilege-escalation flaw that occurred in the Win32k component of Windows when it fails to properly handle objects in computer memory. To exploit this vulnerability, an attacker would first have to gain access to the system. This could be achieved by tricking the recipient to open malicious Office documents sent via email, allowing an attacker to remotely take control of an affected system.

 

Affected Versions include:


1. CVE-2018-8174

All currently supported versions of Windows, including:

  • Windows 7, 8.1, RT 8.1, 10
  • Windows Server 2008, 2012, 2016

2. CVE-2018-8120

  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2


For your necessary action.

Best regards, 



ReadySpace Team 


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).

ReadySpace Helpdesk - Giving you space for growth