Microsoft issued May 2018 Security Updates that include at least 68 vulnerability fixes, 21 of them rated critical. The updates address multiple Microsoft products to include Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Exchange Server, Windows Host Compute Service Shim and Adobe Flash.
Microsoft noted one critical Remote Code Execution Vulnerability (CVE-2018-8174) as “Exploitation Detected” and should be patched as soon as possible. The bug relates to the way that the VBScript engine handles objects in memory resulting in remote code execution.
A second bug impacting a Windows Win32k component was also being exploited, according to Microsoft. An elevation of privilege vulnerability (CVE-2018-8120) exists in Windows when the Win32k component fails to properly handle objects in memory.
Qualys also pointed out that two other vulnerabilities that relate to Microsoft’s Hyper-V product and could allow a guest virtual machine operating system to compromise the host.
The first vulnerability addresses the abuse of vSMB packets (CVE-2018-0961) and the second (CVE-2018-0959) could allow arbitrary code execution on the host from a guest OS.
Microsoft also released an out-of-band patch update on May 2 to address a remote code execution vulnerability (CVE-2018-8115) in Windows Host Compute Service Shim (hcsshim) library. The vulnerability occurs when the hcsshim library fails to properly validate input while importing a container (e.g., Docker) image.
See the Security Update Guide and May summary release notes for more details on all patches.