Microsoft issued for what was described as the “worst Windows remote code exec (execution exploit) in recent memory.” The severe vulnerability in Windows Defender allows an attacker to take over an entire machine without any user interaction.
Hours after this out-of-band emergency patch, Microsoft released its monthly “Patch Tuesday” updates.
The remote code execution flaw (assigned as CVE-2017-0290 by Microsoft in its security advisory) could allow an attacker to remotely execute malicious code and take over an entire machine.
May’s updates also include three other zero-day fixes. It’s important that you update your Windows machines as soon as you can.
Other Zero-day fixes
The first vulnerability (CVE-2017-0261) is a remote code bug that affects Microsoft Office. With this exploit, an attacker can send or trick victims into viewing a poisoned graphics file to take over their machines. Microsoft stated that they have received reports of limited targeted attacks using this flaw.
The next vulnerability (CVE-2017-0263) is an elevation of privilege flaw that allows any logged-in user to take control of a machine by running a specially crafted application. According to Microsoft, this flaw was exploited in the wild.
The third vulnerability (CVE-2017-0222) is another remote code execution weakness, this time in Internet Explorer. This flaw can be triggered with a specially crafted website causing Internet Explorer to improperly access objects in memory. Microsoft stated that this issue was also exploited in the wild.
WannaCry ransomware & SecurityUpdate for Microsoft Windows SMB Server (4013389)
For organisations around the world that have been hit with the WannaCry ransomware, its leveraging a flaw in Microsoft’s Windows SMB service. The critical vulnerability was patched by Microsoft on March 14, MS17-010.