Microsoft Addresses 111 Bugs for May Patch Tuesday (Security News, May 2020)
An attacker who successfully exploited either vulnerability could run arbitrary code in kernel mode; thus, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights.
In all cases an attack requires user interaction, such as tricking users into clicking a link that takes them to the attacker's site.
"In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability," it said.
He added, "An attacker could also embed an ActiveX control object in an application or Office document that could be used in a phishing campaign to gain code execution on the machine. It's likely only a matter of time till attackers, such as DarkHotel, incorporate these into their arsenal." DarkHotel has been known to use VBScript bugs in the past.
"Once an attacker has gained access, they could be capable of stealing critical information like source codes, inserting malicious code or backdoors into current projects, and install, modify or delete data. Due to the importance and popularity of Visual Studio Code, it is critical that organizations deploy this patch within 24 hours before this vulnerability is weaponized and deployed."
News URL
https://threatpost.com/microsoft-111-bugs-may-patch-tuesday/155669/