Critical Windows bug fixed today is actively being exploited to hack users

Enlarge (credit: Lisa Brewster / Flickr ) Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users. The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that runs with the same system privileges chosen by the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability. CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab: Read 4 remaining paragraphs | Comments

More here:
Critical Windows bug fixed today is actively being exploited to hack users

About kanmg

Check Also

Mario Armstrong Holiday Gifts - OtterBox

Mario Armstrong Holiday Gifts – OtterBox

**Sponsored Content** Digital Lifestyle Expert, Mario Armstrong, partnered with OtterBox to share the perfect gift …

Critical Windows bug fixed today is actively being exploited to hack users

Enlarge (credit: Lisa Brewster / Flickr ) Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users. The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that runs with the same system privileges chosen by the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability. CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab: Read 4 remaining paragraphs | Comments

Originally posted here:
Critical Windows bug fixed today is actively being exploited to hack users

About kanmg

Check Also

Mario Armstrong Holiday Gifts - OtterBox

Mario Armstrong Holiday Gifts – OtterBox

**Sponsored Content** Digital Lifestyle Expert, Mario Armstrong, partnered with OtterBox to share the perfect gift …

Critical Windows bug fixed today is actively being exploited to hack users

Enlarge (credit: Lisa Brewster / Flickr ) Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users. The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that runs with the same system privileges chosen by the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability. CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab: Read 4 remaining paragraphs | Comments

See the original post:
Critical Windows bug fixed today is actively being exploited to hack users

About kanmg

Check Also

Mario Armstrong Holiday Gifts - OtterBox

Mario Armstrong Holiday Gifts – OtterBox

**Sponsored Content** Digital Lifestyle Expert, Mario Armstrong, partnered with OtterBox to share the perfect gift …

Leave a Reply

Your email address will not be published. Required fields are marked *