Microsoft Patches Two Zero-Day Flaws Under Active Attack

It's time to gear up for the latest May 2018 Patch Tuesday. Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs. In brief, Microsoft is addressing ...

CVE-2018-8174

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

Security Updates for Windows Server 2008 (May 2018)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Credential Security Support Provider protocol CredSSP. An attacker who successfully exploits this vulnerability could relay user...

KLA11241 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerabili...

VulnCheck KEV: CVE-2018-8174

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"...

KB4103726: Windows Server 2012 May 2018 Security Update

The remote Windows host is missing security update 4103726 or cumulative update 4103730. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully...

PT-2018-1311 · Microsoft +3 · Ie +5

Name of the Vulnerable Software and Affected Versions: Microsoft Windows VBScript Engine versions prior to the fixed version Description: A remote code execution issue exists in the way the VBScript engine handles objects in memory. This allows remote attackers to execute arbitrary code and affec...

KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update

The remote Windows host is missing security update 4103721. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...

CVE-2018-1004

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1,...

CVE-2018-1004

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1,...

Remote Code Execution Vulnerability in Microsoft Windows VBScript Engine

Microsoft Windows is the popular computer operating system. A remote code execution vulnerability exists in the Microsoft Windows VBScript Engine, which can be exploited by an attacker to execute arbitrary code in the current user context...

Microsoft Windows Multiple Vulnerabilities (KB4093111)

This host is missing a critical security update according to Microsoft KB4093111 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Windows VBScript Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

KLA11896 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A memory corrupti...

KLA11221 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows . Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service and possibly to bypass security restrictions. Below is a complete list of...

KB4093122: Windows Server 2012 April 2018 Security Update

The remote Windows host is missing security update 4093122 or cumulative update 4093123. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in...

Microsoft Windows Multiple Vulnerabilities (KB4025339)

This host is missing a critical security update according to Microsoft KB4025339 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025331)

This host is missing a critical security update according to Microsoft KB4025331 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4025336)

This host is missing a critical security update according to Microsoft KB4025336 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-05770)

Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in the way Internet Explorer handles memory objects in the JScript/VBScript engine presentation, which can be exploited by an attacker to execute arbitrary code...