Patch Tuesday: Microsoft mends RCE bug exploited by cyber-espionage group

"Microsoft Corporation's Patch Tuesday security update yesterday fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.

The first zero-day vulnerability, CVE-2018-8174, is a remote code execution vulnerability in the Windows VBScript Engine, caused by an improper handling of objects in memory. Attackers can exploit this vulnerability to acquire the same user rights as the current legitimate user, and ultimately gain full control of an affected system.

BleepingComputer, citing researchers from Qihoo 360reported last month that an APT group has been exploiting this bug in a complex attack that affects the latest versions of Internet Explorer and any other applications that use the IE kernel."

Read the rest of the article at SC Media UK.


Collection of patches

Photo by Jakob Owens on Unsplash