Windows 10 to Let You Alt+Tab Between Browser Tabs and Apps

Windows 10 to Let You Alt+Tab Between Browser Tabs and Apps

Windows 10 to Let You Alt+Tab Between Browser Tabs and Apps

MICROSOFT AND Google appear to have quietly sorted out the mess that was created by the Windows 10 April Update.

New support for Power BI Visualizations in Excel, meaning developers can now extend custom visuals generated for Power BI to Excel to engage more users. The critical vulnerability allowed an attacker to perform remote code execution through a variety of ways, such as a compromised website, ads or Office documents.

Internet Explorer and Edge also have multiple high-priority patches again this month. "This technique allows one to load and render a web page using the IE engine, even if default browser on a victim's machine is set to something different". The bug, designated as CVE-2018-8120, is being exploited in the wild.

"May's Patch Tuesday is here and it looks like these monthly releases have plateaued at around 70 CVEs patched per month", noted Karl Sigler, threat intelligence manager of SpiderLabs (at Trustwave).

An attacker would need to be logged into the target already in order to exploit the flaw, which is why it's listed as "important" rather than critical.

Also on Tuesday, Microsoft issued an update for its Windows Server virtualization platform, Hyper-V.

"May's release also contains the out of band patch for CVE-2018-8115 affecting the Windows Host Compute Service Shim library", said Sigler.

The fix issued Tuesday updates vulnerable operating systems and versions. "As usual, the majority of fixes are browser-related, but Microsoft Office is also seeing its fair share this month". Meanwhile, Microsoft's Corporate Vice President of Operating Systems, Joe Belfiore said that the company will only ship its Sets feature once it is ready. Neither vulnerability was exploited in the wild. It exists in Windows 7, Windows RT, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012 and Windows Server 2016.

Two others worth mentioning are CVE-2018-8141, a kernel information disclosure flaw affecting Windows 10 1709, and CVE-2018-8170, an elevation of privilege vulnerability in Windows 1709 and 1703 32-bit.

"Despite a Word document being the initial attack vector, the vulnerability is actually in VBScript, not in Microsoft Word", Kaspersky Lab researchers say.

Related news

[an error occurred while processing the directive]