
This month’s Patch Tuesday fixes 63 CVE vulnerabilities, 17 of which are critical for Windows 10.
Let’s start with what didn’t happen as expected on Patch Tuesday this month: the release of Windows 10 version 1803, or Spring Creators Update, as Microsoft watchers believe it will be dubbed. According to Windows Central, Microsoft found a blocking bug at the last minute and decided to delay the release, possibly for a couple of weeks. But Insiders who already have build 17133, previously thought to be the RTM release, did receive a cumulative update.
This month’s update for Windows 10 for x64-based systems patches twenty-five vulnerabilities in total: eleven information disclosure, two privilege elevation, one security feature bypass, four denial of service, and seven remote code execution vulnerabilities. Critical updates for Edge and Internet Explorer include fixes for several memory corruption flaws that could allow an attacker to run arbitrary code on a user’s PC, and a fix for Adobe Flash that encompasses three remote code execution flaws and three information disclosure vulnerabilities.
There are five remote code execution bugs (CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, and CVE-2018-1016) in the graphics component of Windows that could allow an attacker to take control of a device using a specially-crafted font. Windows 7 gets six critical patches this month. Five relate to the font issue in the graphics component and CVE-2018-1004 is a remote code execution vulnerability in the VBScript Engine. Windows Defender is also patched for a remote code execution vulnerability (CVE-2018-0986).
This month’s update for Windows Server 2016 patches 27 vulnerabilities in total: eleven information disclosure, three privilege elevation, two security feature bypass, four denial of service, and seven remote code execution vulnerabilities. Windows Server 2012 R2 gets patches for twenty-three vulnerabilities.
Device Guard gets a fix (CVE-2018-0966) for a vulnerability that could allow an attacker to make an untrusted file appear to be trusted. And Active Directory gets patched for a problem where it incorrectly applies Network Isolation settings, potentially allowing an attacker that runs a specially-crafted application to bypass firewall policies applied to Modern Applications. CVE-2018-0963 is a kernel escalation of privilege vulnerability that could allow an attacker to run code with elevated permissions. There is also an information disclosure bug for Hyper-V that might allow virtual machines to see the contents of the host operating system’s memory (CVE-2018-0957).
Microsoft Office gets four fixes this month. There are remote code execution flaws in VBScript (CVE-2018-1004) and Excel (CVE-2018-0920), plus an information disclosure vulnerability in .RTF file handling (CVE-2018-0950). SharePoint gets an elevation of privilege fix (CVE-2018-1034) that plugs a hole where an attacker could send a specially crafted request to SharePoint and then run cross-site scripting attacks and run a script in the security context of the user. This flaw could allow an attacker to read content that they are not authorized to read, take actions on the SharePoint site on behalf of the user, and inject malicious content into the browser.
More from Russell Smith
Copyright ©2019 BWW Media Group