On the Patch Tuesday this month, Microsoft released the patch updates for several vulnerabilities affecting Windows, MS Office, Exchange Server, etc. Overall there were 50 bugs, of which 11 were considered critical.
Windows 10 users who updated to April 2018 version will see the build 17134.112 (KB4284835) in Windows update. This update will mitigate the Spectre Variant 4 vulnerability called Speculative Store Bypass (CVE-2018-3639), exposed last month by Microsoft and Google.
The Variant 4 uses speculative execution to expose the data to an attacker with local user access through a side channel. Simply, it allows the attackers to access a computer through a logic problem in the central processing unit.
Microsoft stated that a remote code execution vulnerability (CVE-2018-8225) existed in Windows DNS (domain name system). The attackers who exploit this vulnerability could run arbitrary code in local system account. The patch released yesterday addresses this vulnerability by modifying the way Windows DNSAPI.dll handles DNS responses.
Further, Cortana contained an elevation of privilege vulnerability (CVE-2018-8140), which could allow attackers to execute commands with elevated permissions. Microsoft has patched this vulnerability by ensuring Cortana insiders status when Cortana retrieves input.
Among the patches for critical vulnerabilities is one for a remote code execution vulnerability (CVE-2018-8231) that existed when HTTP Protocol Stack improperly handled objects in memory.
It could allow hackers to execute arbitrary code and take over the affected system. The security update corrects the way HTTP Protocol Stack handles objects in memory.
Microsoft also released patches for more critical bugs, including the one in Chakra scripting engine, three in Edge browser, one in Windows Media Foundation, and a zero-day bug in flash player.
To prevent cybercriminals from taking control of computers, all the users should apply security patches as soon as possible. These security updates can be easily installed by heading on to Settings → Update & security → Windows Update → Check for updates.