As piece of job of its August Patch Tuesday, Microsoft has today released a large batch of 48 safety updates for all supported versions Windows systems in addition to other products.
The latest safety update addresses a make of vulnerabilities including 25 critical, 21 of import in addition to ii moderate inwards severity.
These vulnerabilities impact diverse versions of Microsoft's Windows operating systems, Internet Explorer, Microsoft Edge, Microsoft SharePoint, the Windows Subsystem for Linux, Adobe Flash Player, Windows Hyper-V in addition to Microsoft SQL Server.
CVE-2017-8620: Windows Search Remote Code Execution Vulnerability
The close interesting in addition to critical vulnerability of this calendar month is Windows Search Remote Code Execution Vulnerability (CVE-2017-8620), affects all versions of Windows vii in addition to Windows 10, which could hold out used every bit a wormable gear upward on similar the ane used inwards WannaCry ransomware, every bit it utilises the SMBv1 connection.
An assailant could remotely exploit the vulnerability through an SMB connexion to get upward privileges in addition to accept command of the targeted Windows computer.
"A remote code execution vulnerability exists when Windows Search handles objects inwards memory. An assailant who successfully exploited this vulnerability could accept command of the affected system. An assailant could hence install programs; view, change, or delete data; or practise novel accounts amongst sum user rights," Microsoft explains.
"In add-on to safety changes for the vulnerabilities, updates include defense-in-depth updates to assistance ameliorate security-related features."
CVE-2017-8633: Windows Error Reporting Elevation of Privilege Vulnerability
Another pregnant elevation of privilege vulnerability resides inwards Windows Error Reporting (WER) that could allow an assailant to run a especially created application to gain access to administrator privileges on the targeted organisation to pocket sensitive information.
"This update corrects the means the WER handles in addition to executes files," the advisory says.
CVE-2017-8627: Windows Subsystem for Linux DoS Vulnerability
An of import vulnerability has been identified inwards Windows Subsystem for Linux that could allow an assailant to execute code amongst elevated permissions.
"To exploit the vulnerability, a locally authenticated assailant could run a especially crafted application. The safety update addresses the vulnerability yesteryear correcting how Windows Subsystem for Linux handles NT pipes" the advisory says.Successful exploitation eventually could allow denial of service attack, leaving the targeted organisation unresponsive.
Microsoft has likewise released critical safety updates for the Adobe Flash Player for Internet Explorer, although the companionship would end its back upward for Flash at the halt of 2020.
Users in addition to information technology administrators are strongly recommended to apply safety patches every bit presently every bit possible to popular off on away hackers in addition to cybercriminals from taking command over your computer.
For installing safety updates, merely caput on to Settings → Update & safety → Windows Update → Check for updates, or yous tin install the updates manually.
Share This :
comment 0 Comments
more_vert