If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month.
This day, which usually falls on the second Tuesday of each month, is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users alike.
It’s not exactly a big red-letter day for the tech industry but IT professionals and regular consumers mindful of computer security are always eager to know what each Patch Tuesday brings.
May 2018 Patch Tuesday
May 2018’s Microsoft Patch Tuesday update includes fixes for 68 bugs, 21 of which are rated critical, 45 as important, and two as low impact.
Two of the critical patches are considered zero-days so it’s important to patch them as soon as you can.
Zero-day vulnerabilities are previously unknown software exploits that are already being used by hackers even before the software makers are made aware of them.
This is actually the first cumulative update after the rollout of the latest major Windows 10 feature makeover called the April 2018 Update.
Warning: If you already have the Windows 10 April 2018 Update (version 1803), think twice about applying this month’s patches. There are reports that the May updates are causing boot issues to some machines. If you want to wait it out, here’s how to delay, postpone or defer your Windows updates.
Zero-day “Double Kill” Flaw Fix
The most critical patch is for the zero-day “double kill” vulnerability in Microsoft’s Internet Explorer we told you about last month.
With this bug, hackers are distributing malicious Microsoft Office documents to install malware and backdoors on infected Windows machines via a previously unknown “double kill” vulnerability in Internet Explorer and any other application that use the browser.
The patch fixes the vulnerability by changing how VBScript deals with objects in memory. (CVE-2018-8174)
Windows 7 Zero-day Fix
Another patch is for a zero-day flaw for Windows 7 and Windows Server 2008 R2. The flaw is an elevation of privilege vulnerability in the Win32k subsystem of both systems, which could allow an attacker to run malicious software and take over your computer. (CVE-2018-8120)
Meltdown Fatal Flaw Patch for Fall Creators Update
We also told you earlier this week about the Meltdown fatal flaw that affects all Windows 10 machines that haven’t installed the April 2018 Update yet. This flaw basically bypasses Microsoft’s earlier Windows 10 Meltdown fixes and it renders the recent patches ineffective.
Alex Ionescu, the person who reported the flaw, confirmed on Twitter that Microsoft fixed the issue in May’s updates for machines that are still on the Fall Creators Update (Version 1709) and they are now patched properly against Meltdown.
Windows 7 Memory Leak Fix
The SMB memory leaks in Windows 7 and Server 2008 that were still present in March’s buggy Patch Tuesday Updates are finally fixed with this month’s updates, as well.
This was an issue that was acknowledged by Microsoft, which forced them to stop March’s Windows 7 and Server 2008 R2 Monthly Rollup (KB 4088875) from deploying automatically.
Other critical patches in May’s updates include 12 fixes for web browser memory corruption flaws in Microsoft Edge and Internet Explorer. Four patches are also included for flaws in the Microsoft Edge web browser’s Chakra Scripting engine.
Remote Code Execution fixes are also included for Windows Hyper-V hypervisor. These flaws would have allowed an attacker to execute remote malicious code and take over a machine.
Do you still use Flash? Update ASAP
And as usual, Microsoft also bundled patches for Adobe products in its Patch Tuesday updates too.
This month, Flash Player gets a critical fix for a Type Confusion Flaw that affects all platforms including browsers and standalone Flash Players.
If you still rely on using Flash Player for websites (you shouldn’t), it’s important that you update to the latest version 188.8.131.52 immediately.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.
If you want to check, here’s how:
On Windows 10, click Start (Windows logo), choose “Settings,” select “Update & Security,” then on the “Windows Update” section, select “Check for Updates.” (Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.)
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
–> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 184.108.40.206.
IN OTHER NEWS, RUSSIANS ARE TARGETING HOME ROUTERS. HERE’S HOW TO PROTECT YOURSELF
We’ve been warning you about how vulnerable your router can be if it’s not configured properly. And it’s not just cybercriminals that we need to guard against. State-sponsored hackers that have completely different motives are equally dangerous too.