The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

In total, Microsoft’s May Patch Tuesday roundup included 68 security patches, with 21 listed as critical, 45 rated important and two listed low in severity.

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.

FireEye said threat actors are using the NSA’s EternalBlue exploit of the same Microsoft SMBv1 vulnerability as WannaCry to spread Nitol and Gh0st RAT.

The Terror exploit kit has matured into a greater threat and carefully crafts attacks based on a user’s browser environment.

A rash of Java-based remote access Trojans is targeting tax filers with bogus IRS attachments.

Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.

Researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options.

Microsoft released a hefty load of security bulletins today, which included a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited. The flaw is addressed in its own bulletin, MS16-053, but users need to pay attention to, and apply MS16-051 as well since the attack vector is through Internet Explorer. MS16-051 addresses...

A core Windows command-line utility, Regsvr32, used to register DLLs to the Windows Registry can be abused to run remote code from the Internet, bypassing whitelisting protections such as Microsoft’s AppLocker. A researcher who requested anonymity found and privately disclosed the issue to Microsoft on Tuesday. It’s unknown whether Microsoft will patch this issue with...