The most serious of the two is tied to a Windows 10 VBScript engine and can be triggered when a victim visits a malicious website.
Be amazed by the new Dockable Control in Microsoft's sizzle video below.
Microsoft could update the Clipboard in near future with other features such cross-platform sync, and applications like Microsoft Edge for Android could play a big role in this integration.
Neither Kaspersky Lab nor Microsoft have disclosed details of the attack they have observed leveraging this vulnerability, though Microsoft noted in its bulletin that attackers exploiting this vulnerability can gain the same user rights as the logged in user.
Microsoft is also taking this very seriously, writing, "The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements". This vulnerability only affects Windows 7, Windows Server 2008, and Windows Server 2008 R2, the bulletin said. The two major bugs patched had already been executed in the real world, out of 68 total patches. Of the rest of the flaws, 42 are rated as important while four are of low severity. The most pressing of these-CVE-2018-8174-is a vulnerability in the VBScript engine, which can be exploited with relative ease in a Microsoft Office document that uses an ActiveX control, as well as Internet Explorer (IE) and any other software using the Trident rendering engine.
The new feature can be enabled from the Settings System Clipboard.
Meanwhile Adobe has also shipped a new Flash Player update that addresses a single (but critical) security weakness with its much maligned media player. According to Chris Goettl, director of product management at Ivanti, these type of disclosures are for when a "vulnerability has been identified, and there is enough proof-of-concept code or documentation regarding how the vulnerability works that a threat actor has an advantage on creating an exploit before companies will have a chance to push an update".
Microsoft is finally debuting its anticipated cloud clipboard technology as part of the latest Windows 10 "Redstone 5" test build.