HomeCyber BalkansMicrosoft addresses 2 Windows zero-days during May Patch Tuesday

Microsoft addresses 2 Windows zero-days during May Patch Tuesday

Published on

spot_img

In the latest news regarding cybersecurity, Microsoft has successfully closed two Windows zero-day vulnerabilities that were being actively exploited. This month’s Patch Tuesday saw the resolution of 60 unique new CVEs, along with the republishing of eight CVEs for third-party software that affect Microsoft products. Additionally, two vulnerabilities were publicly disclosed, requiring immediate attention from IT professionals.

The first zero-day vulnerability addressed by Microsoft is an elevation-of-privilege flaw targeting the Windows Dynamic Window Manager (DWM) Core Library in Windows desktop and server systems. This flaw, rated as important with a CVSS score of 7.8, allows an attacker to obtain system privileges on the targeted system without the need for user interaction. The second zero-day vulnerability is a security feature bypass flaw in the Windows MSHTML platform, affecting both desktop and server systems. Rated important with an 8.8 CVSS score, this vulnerability exploits flaws in the Object Linking and Embedding (OLE) technology in Microsoft 365 and Office applications.

Furthermore, Microsoft also addressed a Visual Studio denial-of-service vulnerability, rated important with a CVSS score of 5.9, which requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

In a separate development, Google recently patched two critical zero-day vulnerabilities in Chrome, which also affect the Microsoft Edge browser due to their shared Chromium code base. Microsoft released out-of-band fixes for Edge and included the Chrome zero-days in its May Patch Tuesday release. This emphasizes the importance of updating all browsers to ensure security, as highlighted by Chris Goettl, vice president of product management for security products at Ivanti.

However, updating browsers can be challenging as they require individual restarts to apply patches, leaving them vulnerable if updates are ignored. Goettl stresses the need for IT professionals to have proper patch management tools to maintain security effectively.

Moreover, a critical vulnerability in SharePoint Server was also addressed by Microsoft, with an assessment of “exploitation more likely” due to its remote-code execution potential. Additionally, patches for development tools like Visual Studio require cooperation between security, IT, and development teams to ensure that vulnerabilities are resolved without breaking essential functionalities.

Overall, the cybersecurity landscape continues to evolve, and IT professionals must remain vigilant in addressing vulnerabilities and implementing necessary security measures to protect their organizations from potential cyber threats.

Source link

Latest articles

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...

NPM Ecosystem Faces Two New Supply Chain Compromises

Malicious Code Discovered in npm Packages: A Growing Threat In a troubling development within the...

More like this

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...