Threat Watch

Microsoft Patches Nine Bugs

A zero-day vulnerability targeting older Windows operating systems has been addressed along with nine critical vulnerabilities. CVE-2018-8611 is known as an EoP bug that attacks Windows 7. Its CVSS rating is seven which is high in severity. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft. In order for this to be done, the attacker would have get into the system and run an application that would take control. The nine vulnerabilities affect Microsoft products such as Internet Explorer, Edge, ChakraCore, and Office. Five out of nine of these are linked to the Chakra scripting engine which is Microsoft’s Java engine. These flaws are memory-corruption flaws that inject arbitrary code which would eventually lead to a system takeover. The 39 bugs that have been patched is a surprisingly low number for a whole month.

ANALYST NOTES

If users’ systems are affected by these bugs, it is important that they update them immediately. Keep up with Microsoft because new bugs and vulnerabilities arise each day so there will be more to patch and update as time goes on.