The Windows 10 Mail app is getting new Fluent Design density elements

Microsoft Suspends Windows April Update For Some Systems With Intel SSDs

Microsoft Suspends Windows April Update For Some Systems With Intel SSDs

A bevy of newly revealed vulnerabilities in code from Microsoft and Adobe will require immediate fixing.

Microsoft's May vulnerability count reaches 68 CVEs, 21 of which are rated critical, 45 important, and only two low impact.

Internet Explorer and Edge also have multiple high-priority patches again this month.

Kasperksy Lab has provided a fairly detailed analysis of how the exploit functions. Microsoft also snuck in there the ability to highlight words or phrases in Notepad and search using Bing. Victims that opened the Office document would silently be infected via a malicious webpage opened in the background.

The VBScript code triggers a use after free - a type of memory corruption - vulnerability to run shellcode.

Security experts recommend all Windows users - individuals and businesses alike - patch this flaw as quickly as possible. While most users of Windows use an alternative browser, this method permits the attacker to bypass the default browser selection, forcing IE to load.

In a web-based attack, specially designed web pages could exploit the same vulnerability when using Internet Explorer. Taken together, this is a rather vast attack surface for enterprise users.

Hyper-V is also patched for CVE-2018-0959 and CVE-2018-0961, while CVE-2018-0961 looks after the RCE in Windows Host Compute Service Shim. "An attacker who successfully exploited this (Win32k) vulnerability could run arbitrary code in kernel mode". Bad news then, for those logged in as administrators who are affected by the bug - complete control can easily be gained by the hackers.

The flaw was discovered and reported to it by Anton Cherepanov, a senior malware researcher at ESET, Microsoft says.

Microsoft has been testing a new feature called Cloud Clipboard for Windows 10 and it was originally expected to launch in Redstone 4, but eventually held back for next version of the operating system. Once that update has been applied then the feature update, AKA Windows 10 April Update, will be able to be installed. This particular vulnerability is located in the VBScript Engine, which is included in all supported iterations of Windows. Neither vulnerability was exploited in the wild. "To exploit this vulnerability, an attacker would need to perform a man-in-the-middle (MitM) attack on the network that provisioning was taking place".

There are other fixes in today's Redstone 5 build, along with a list of known issues, which are itemized in Microsoft's blog post about 17666.

Adobe credits discovery of the "critical" flaw, designated CVE-2018-4944, to Jihui Lu of security research group Tencent KeenLab (see 2016 Resolution: Ditch Flash).

Microsoft is finally debuting its anticipated cloud clipboard technology as part of the latest Windows 10 "Redstone 5" test build. For now, users with unspecified Intel SSDs will not receive the April update in both automatic or manual way.

Recommended News

  • Facebook To Reject Foreign Ads On Eighth Amendment

    Facebook To Reject Foreign Ads On Eighth Amendment

    Social network says move is part of its 'efforts to help protect the integrity of elections and referendums from undue influence'. Another innovation will see "additional election integrity tools" implemented alongside a "verification process".
    PELOSI'S PLOT: Nancy Admits Democrat Plan to 'RAISE TAXES'

    PELOSI'S PLOT: Nancy Admits Democrat Plan to 'RAISE TAXES'

    "I do object to what they did in the dark of night to put forth something that gives 83% of the benefits to the top 1%". Asked about her future in Congress if the Democrats fail to win the chamber, Pelosi demurred. "You have to believe".
    National Football League  suspends Saints running back Mark Ingram

    National Football League suspends Saints running back Mark Ingram

    But if the Saints want to roll with their electric runner in Kamara, it's hard to imagine that would be bad thing. He had his first career 1,000-yard season in 2016 and followed that up with another one in 2017.
  • Rudy Giuliani's Trump technique proves he is a ' authorized genius', comic says

    Rudy Giuliani's Trump technique proves he is a ' authorized genius', comic says

    Giuliani's perplexing and sometimes conflicting remarks have increasingly become a cause of consternation for Trump's aides. Trump initially told reporters on Air Force One earlier this month that he didn't know anything about the payment.
    NY Attorney General Eric Schneiderman Resigns Amid Abuse Allegations

    NY Attorney General Eric Schneiderman Resigns Amid Abuse Allegations

    I have not assaulted anyone. "I have never engaged in non-consensual sex, which is I line I would not cross", Schneiderman said. The announcement came in a tweet from Amy Spitalnick, press secretary for the New York State Attorney General's Office.
    Draymond Green responds to death wish he received on Twitter

    Draymond Green responds to death wish he received on Twitter

    This has been a see-saw series, so there is a decent chance that New Orleans brings a much better effort in Game 5. Draymond Green is one of the most passionate players in the entire league, and he's never afraid to speak his mind.
  • Google Maps is adding new Explore and For You sections, more

    Google Maps is adding new Explore and For You sections, more

    Match Scores: A " match " score will be displayed for food and drink venues according to how likely you are to enjoy them. Google is also utilising VPS to take visual cues such as landmarks and features seen by the camera to improve navigation.
    Shire share price rallies as pharmco agrees £46bn deal with Takeda

    Shire share price rallies as pharmco agrees £46bn deal with Takeda

    Takeda, which has seen its market value slide to US$34 billion since announcing its interest , is taking over a much bigger rival. The move comes after UK-listed Shire, a rare disease specialist, had rejected Takeda's advances four times since late March.

    Born pitcher to make Major League Baseball debut

    The Conlon family had emigrated from Falls Road to Southern California during the Troubles when P.J was just two. In 2016 he was named pitcher of the year. "It's just something you dream about.
  • Harden, Rockets aim to close out Jazz in Game 5

    Harden, Rockets aim to close out Jazz in Game 5

    Rubio provides a veteran presence when he's on the floor and while he may play in Game 5, it might be too little, too late. However, the Jazz haven't made it to 100 points in each of their three losses, averaging just under 92 points per game.
    Eurovision: O'Shaughnessy hopes for place at final as performance complete

    Eurovision: O'Shaughnessy hopes for place at final as performance complete

    Other acts in the first semi-final expected to do well include Estonia's Elina Nechayeva and Eleni Foureira from Cyprus . The first ten finalists of the Eurovision Song Contest 2018 will be named in Lisbon, Portugal on 8 May, BelTA informs.
    New snooker world champion strips off

    New snooker world champion strips off

    The title earned him a total of 425,000 pounds, bringing his total for the season to 885,400 pounds. It is one of the best breaks under pressure that I've ever seen.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.