CVE-2018-8414, CVE-2018-8373 Fixed in August 2018 Patch Tuesday

Microsoft has released their latest wave of updates in the August 2018 Patch Tuesday addressing some serious vulnerabilities. Among them are issues related to the remote code execution and weaknesses exploited by popular viruses and Trojans to gain entry to the victim systems. Read on further to find out which issues have been fixed in the latest updates release.

Microsoft Released the August 2018 Patch Tuesday Updates: What Has been Fixed

One of the most severe issues that has been fixed is a vulnerability that was discovered in June. It is tracked under the CVE-2018-8414 advisory and details a Windows Shell Remote Code Execution. When this problem is exploited by the attackers a Windows Shell script will not validate properly the file paths. As a result the attackers can execute arbitrary code in the context of the currently logged user. If this is the currently logged administrator the malicious script can take control of the affected system. This effectively allows the hacker operators to install applications, retrieve or modify data. When the elevated privileges are acquired newer accounts can be created on the machine, effectively allowing constant remote desktop use. To exploit this issue the hacker operators will require the victims to open a malicious file. This can be done by sending out phishing emails, hosting infected payloads or using scripts that lead to the infection.

The other severe issue that has been fixed is tracked under the CVE-2018-8373 advisory detailing a remote code execution flaw. The problem has been found to be within Internet Explorer and the way it manages objects in memory. Fortunately there are not reports of active infections yet however upon further analysis the problem appears to be similar to another issue that has (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/cve-2018-8414-cve-2018-8373-fixed/