Microsoft patches 25 critical vulnerabilities

Microsoft, as part of its August Patch Tuesday, has released a large batch of 48 security updates, consisting of 25 critical, 21 important and 2 moderate in severity, for all supported versions of Windows systems and other products.

These vulnerabilities impact various versions of Microsoft’s Windows operating systems, Internet Explorer, Microsoft Edge, Microsoft SharePoint, the Windows Subsystem for Linux, Adobe Flash Player, Windows Hyper-V and Microsoft SQL Server.

Some of these are:

CVE-2017-8620: Windows Search Remote Code Execution Vulnerability

This vulnerability affects all versions of Windows 7 and Windows 10 and could be used in a wormable attack like the one used in the WannaCry ransomware, as it utilises the SMBv1 connection.
An attacker could remotely exploit the vulnerability through an SMB connection to elevate privileges and take control of the targeted Windows computer.
“A remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.

CVE-2017-8633: Windows Error Reporting Elevation of Privilege Vulnerability

Another elevation of privilege vulnerability resides in Windows Error Reporting (WER); it could allow an attacker to run a specially crafted application to gain administrator privileges on the targeted system and steal sensitive information.
“This update corrects the way the WER handles and executes files,” the advisory says.

CVE-2017-8627: Windows Subsystem for Linux DoS Vulnerability

Another important vulnerability was discovered in Windows Subsystem for Linux that could allow an attacker to execute code with elevated permissions.
“To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles NT pipes,” the advisory says.
Successful exploitation could eventually allow a denial-of-service attack, leaving the targeted system unresponsive.

Microsoft has released patches for all the vulnerabilities, and users are advised to install them immediately.

Author: Cognore
