VERT Threat Alert: May 2018 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th.
In-The-Wild & Disclosed CVEs
CVE-2018-8120
This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According to Microsoft, the newest OS releases aren’t affected but this is being actively exploited on Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Microsoft has rated this as a 4 on the Exploitability Index (Not affected).
Note: Microsoft has rated this as a 0 (Exploitation Detected) on older software releases.
CVE-2018-8174
A vulnerability in VBScript could allow attackers to execute code in the context of the logged in user. This vulnerability could be exploited via certain web browsers or Microsoft Office documents Microsoft has reported active exploitation of this vulnerability.
Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected).
CVE-2018-8170
A privilege escalation vulnerability affecting Windows 10 versions 1703 and 1709 as well as Windows Server, version 1709 has been publicly disclosed. A malicious application could take advantage of a flaw in the way the Windows kernel image handles objects in memory in order to execute code with higher privileges.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
CVE-2018-8141
According to Microsoft, this vulnerability only impacts Windows 10 Version 1709 and Windows Server, version 1709 and could lead to information disclosure. While this vulnerability alone will not allow for system compromise, it could provide useful information that would further enable compromise.
Microsoft has rated this as a 4 on the Exploitability Index (Not affected).
Note: Microsoft has rated this as a 2 (Exploitation Less Likely) on older software releases.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-may-2018-patch-tuesday-analysis/