INSUBCONTINENT EXCLUSIVE:
Enlarge (credit: Lisa Brewster / Flickr)
Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting
in the wild to install malicious apps on the computers of unwitting users.
The first vulnerability resides in the VBScript Engine included
in all currently supported versions of Windows
A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that
runs with the same system privileges chosen by the logged-in user
When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system
In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate
vulnerability.
CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said
The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft
In the exploits observed by Kaspersky Lab:
Read 4 remaining paragraphs | Comments