Welcome to this May Patch Tuesday Bulletin. This month we have 69 unique CVE’s across 9 platforms. There were 7 platforms with critical updates, 2 platforms with important updates, and 2 vulnerabilities being exploited in the wild. Pay close attention to CVE-2018-8120 and  CVE-2018-8174 since they are being actively attacked.  CVE-2018-8120 is an elevation of privilege vulnerability that affects Windows 7 and Server 2008 hosts. Exploiting this vulnerability would require a local user to run a malicious application to elevate privileges. CVE-2018-8174 is a remote code execution vulnerability in the VBScript engine.  This vulnerability can be exploited by navigating to a malicious web page in Internet Explorer or by opening a malicioius office document.  Adobe Flash is affected by a critical vulnerability but Microsoft outlines a potential workaround that disables Adobe Flash in IE through group policy.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.