Nytro Posted July 12, 2017 Report Share Posted July 12, 2017 Microsoft Releases Updates to Fix 26 Security Vulnerabilities in Windows This month’s Patch Tuesday addresses 54 vulnerabilities Jul 12, 2017 05:31 GMT · By Bogdan Popa · Microsoft has rolled out patches to fix a total of 54 vulnerabilities in its products, including a total of 26 security flaws in the Windows operating system. All Windows versions received patches this month, including Windows 7, Windows 8.1, and Windows 10, with critical vulnerabilities addressed for each version. There were no less than 19 critical flaws in the operating system, all of them leading to Remote Code Execution. One of the vulnerabilities that should be prioritized this month when starting patching is documented in CVE-2017-8589. It affects all Windows versions currently receiving support, including not only desktop client versions like Windows 7, 8.1, and 10, but also Windows Server 2008, 2008 R2, 2012, and 2016. The vulnerability resides in the Windows Search service and can be exploited with an SMB attack, though it’s important to note that it’s not related in any way to the security flaw that was exploited as part of the WannaCry and Petya ransomware attackers. The SMB vulnerability used in these attacks has already been patched in March this year. Microsoft explains that this new vulnerability could allow an attacker to get full control of an unpatched system by sending a crafted message to the Windows Search service. Windows Explorer vulnerability Another critical vulnerability that needs to be patched as soon as possible is CVE-2017-8463, which impacts Windows Explorer and thus affects all Windows versions that are still getting support. “To exploit this vulnerability, an attacker would first share both a folder and malware named with an executable extension, and then trick the user into thinking that the malware was the folder. The attacker could not force the user to open or browse the share but could use email or instant messages to trick them into doing so,” Microsoft explains. On the good side, Microsoft says there are no vulnerabilities that are being exploited in the wild, but users are recommended to update their systems as soon as possible anyway. Reboots are required to complete patching, and IT admins need to say work on Windows systems before launching the update. Sursa: http://news.softpedia.com/news/microsoft-releases-updates-to-fix-26-security-vulnerabilities-in-windows-516936.shtml Quote Link to comment Share on other sites More sharing options...
