In May’s Patch Tuesday, 68 Windows vulnerabilities have been patched, including two where exploitation had been detected. A vulnerability discovered in VBScript could allow attackers to execute code in the context of the logged in user. This vulnerability could be exploited via certain web browsers or Microsoft Office documents. The second flaw is a privilege escalation vulnerability affecting Win32k which could allow an attacker to execute code in kernel mode. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th.
Tyler Reguly, Manager at Tripwire:
Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th.
This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According to Microsoft, the newest OS releases aren’t affected, but this is being actively exploited on Windows 7, Windows Server 2008 and Windows Server 2008 R2.
Microsoft has rated this as a 4 on the Exploitability Index (Not affected).
Note: Microsoft has rated this as a 0 (Exploitation Detected) on older software releases.
A vulnerability in VBScript could allow attackers to execute code in the context of the logged in user. This vulnerability could be exploited via certain web browsers or Microsoft Office documents, Microsoft has reported active exploitation of this vulnerability.
Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected).
A privilege escalation vulnerability affecting Windows 10 versions 1703 and 1709 as well as Windows Server, version 1709 has been publicly disclosed. A malicious application could take advantage of a flaw in the way the Windows kernel image handles objects in memory in order to execute code with higher privileges.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
According to Microsoft, this vulnerability only impacts Windows 10 Version 1709 and Windows Server version 1709. It could lead to information disclosure. While this vulnerability alone will not allow for system compromise, it could provide useful information that would further enable compromise.
Microsoft has rated this as a 4 on the Exploitability Index (Not affected).
Note: Microsoft has rated this as a 2 (Exploitation Less Likely) on older software releases.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
| TAG | CVE COUNT | CVES |
| .NET FRAMEWORK | 2 | CVE-2018-1039, CVE-2018-0765 |
| WINDOWS HYPER-V | 2 | CVE-2018-0959, CVE-2018-0961 |
| GITHUB | 1 | CVE-2018-8115 |
| MICROSOFT WINDOWS | 4 | CVE-2018-0958, CVE-2018-8136, CVE-2018-8170, CVE-2018-8174 |
| MICROSOFT EDGE | 4 | CVE-2018-1021, CVE-2018-8112, CVE-2018-8123, CVE-2018-8179 |
| MICROSOFT GRAPHICS COMPONENT | 4 | CVE-2018-8124, CVE-2018-8164, CVE-2018-8165, CVE-2018-8120 |
| WINDOWS COM | 1 | CVE-2018-0824 |
| MICROSOFT BROWSERS | 2 | CVE-2018-1025, CVE-2018-8178 |
| DEVICE GUARD | 3 | CVE-2018-0854, CVE-2018-8129, CVE-2018-8132 |
| COMMON LOG FILE SYSTEM DRIVER | 1 | CVE-2018-8167 |
| WINDOWS KERNEL | 5 | CVE-2018-8127, CVE-2018-8134, CVE-2018-8897, CVE-2018-8166, CVE-2018-8141 |
| MICROSOFT EXCHANGE SERVER | 5 | CVE-2018-8151, CVE-2018-8152, CVE-2018-8154, CVE-2018-8153, CVE-2018-8159 |
| AZURE | 1 | CVE-2018-8119 |
| INTERNET EXPLORER | 1 | CVE-2018-8126 |
| MICROSOFT OFFICE | 14 | CVE-2018-8155, CVE-2018-8156, CVE-2018-8160, CVE-2018-8161, CVE-2018-8162, CVE-2018-8163, CVE-2018-8168, CVE-2018-8173, CVE-2018-8147, CVE-2018-8148, CVE-2018-8149, CVE-2018-8150, CVE-2018-8157, CVE-2018-8158 |
| MICROSOFT SCRIPTING ENGINE | 17 | CVE-2018-8122, CVE-2018-8128, CVE-2018-8130, CVE-2018-8133, CVE-2018-8137, CVE-2018-8139, CVE-2018-8145, CVE-2018-8177, CVE-2018-0943, CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114 |
Other Information
In addition to the Microsoft vulnerabilities included in the May Security Guidance, a security advisory was also made available.
MAY 2018 ADOBE FLASH SECURITY UPDATE [ADV180007]
Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-16. This includes a fix for CVE-2018-4944.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.