Microsoft released its May Patch Tuesday updates to address 57 vulnerabilities, one of which had links to a Russian hacking group.
The Redmond, WA-based software giant said it worked with two security firms, ESET and FireEye, to patch the vulnerabilities.
Microsoft said the first attacks ended up spotted in late March, but users running the previous updates were protected, emphasizing how important it is to run a fully up-to-date system.
“Today, to fully address the EPS vulnerability and further protect the small number of customers who may choose to continue using the EPS filter, we released an update to address the Encapsulated PostScript vulnerability,” Microsoft said in a blog post.
There was also a second round of attacks spotted in mid-April, but once again customers ended up protected by previous updates, the company said.
This time, the attacks aimed at exploiting an Office RCE vulnerability detailed in CVE-2017-0262 and a Windows privilege escalation documented in CVE-2017-0263. Russian hackers were once again linked with these attacks, and security companies said Fancy Bear is very likely to be involved as well. Fancy Bear, also known as Strontium, has previously been connected to the Russian government.
Attacks aimed at exploiting these two vulnerabilities attempted to deploy malware flagged as Seduploader and GAMEFISH by the two security vendors.
Windows users are recommended to patch their systems as soon as possible, though they should already be protected if the previous March and April updates were installed. Reboots will be required to complete the install of this month’s Patch Tuesday rollout.